Monday, December 29, 2008

RXToolbar Adware

RXToolbar malware description and removal detail
Categories: Adware
Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_closetabs.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_closetabs_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_closetabs_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_closetabs_sel.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_download.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_download_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_download_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_download_sel.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_messageuser.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_messageuser_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_messageuser_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_messageuser_sel.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_newsearch.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_newsearch_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_newsearch_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_newsearch_sel.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_searchuser.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_searchuser_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_searchuser_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_searchuser_sel.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_showsearch.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_showsearch_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_showsearch_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\searchbar_showsearch_sel.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\trafficbar_resume.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\trafficbar_resume_dis.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\trafficbar_resume_over.bmp
[%PROGRAM_FILES%]\Kazaa\Skins\Black Glass\trafficbar_resume_sel.bmp
[%PROGRAM_FILES%]\rxtoolbar\CacheCatalog.rx
[%PROGRAM_FILES%]\rxtoolbar\CacheCatolog.rx
[%PROGRAM_FILES%]\rxtoolbar\graphics\additional.gif
[%PROGRAM_FILES%]\rxtoolbar\graphics\additional_active.gif
[%PROGRAM_FILES%]\rxtoolbar\graphics\background.jpg
[%PROGRAM_FILES%]\rxtoolbar\graphics\blue_hr_horz.GIF
[%PROGRAM_FILES%]\rxtoolbar\graphics\gray_hr_horz.GIF
[%PROGRAM_FILES%]\rxtoolbar\graphics\thumbtack.gif
[%PROGRAM_FILES%]\rxtoolbar\graphics\thumbtack_active.gif
[%PROGRAM_FILES%]\rxtoolbar\graphics\thumbtack_click.gif
[%PROGRAM_FILES%]\rxtoolbar\html\content.htm
[%PROGRAM_FILES%]\rxtoolbar\html\main.htm
[%PROGRAM_FILES%]\rxtoolbar\rx.xml
[%PROGRAM_FILES%]\rxtoolbar\rxtoolbar.cfg
[%PROGRAM_FILES%]\rxtoolbar\RXToolBar.dll
[%PROGRAM_FILES%]\rxtoolbar\rxwebsearches.xsl
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\bKPack01.01.dat
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\bKPack01.01.sig
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\bKPack01.dat
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\bKPack01.sig
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\bLabels01.dat
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\bLabels01.sig
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\CustomerSecret.Key
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\CustomerSecret.sig
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\nLabels01.dat
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\nLabels01.sig
[%PROGRAM_FILES%]\rxtoolbar\semantic insight\SemanticInsight.dat
[%PROGRAM_FILES%]\RXToolBar\Semantic Insight\SemanticInsight.exe
[%PROGRAM_FILES%]\rxtoolbar\sfcont.bin
[%PROGRAM_FILES%]\rxtoolbar\sfcont.dll
[%PROGRAM_FILES%]\rxtoolbar\yahoo.xsl
[%WINDOWS%]\temp\adware\RXToolbar.exe

In order to ensure that the RXToolbar is launched automatically each time the system is booted, the RXToolbar adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%PROGRAM_FILES%]\RXToolBar\Semantic Insight\SemanticInsight.exe
[%WINDOWS%]\temp\adware\RXToolbar.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting RXToolbar:

Folders:
[%PROGRAM_FILES%]\rxtoolbar
[%PROGRAM_FILES%]\aaayoureweb

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{25d8bacf-3de2-4b48-ae22-d659b8d835b0}
HKEY_CLASSES_ROOT\clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}
HKEY_CLASSES_ROOT\clsid\{59879fa4-4790-461c-a1cc-4ec4de4ca483}
HKEY_CLASSES_ROOT\rxresult.rxresultfilter
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1
HKEY_CLASSES_ROOT\rxresult.rxresulttracker
HKEY_CLASSES_ROOT\rxresult.rxresulttracker.1
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo.1
HKEY_CLASSES_ROOT\typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}
HKEY_CLASSES_ROOT\typelib\{66b20295-dc57-42b6-acdf-52d916e86464}
HKEY_CURRENT_USER\software\rx toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\RXToolBar
HKEY_LOCAL_MACHINE\software\rxresults
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo rx toolbar
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo.1 rx toolbar
HKEY_CURRENT_USER\software\aaayoureweb
HKEY_LOCAL_MACHINE\software\aaayoureweb
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar {25d8bacf-3de2-4b48-ae22-d659b8d835b0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\rxtoolbar
HKEY_LOCAL_MACHINE\software\rtrmin

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aaayoureweb toolbar

Removing RXToolbar:

An up-to-date copy of ExterminateIt should detect and prevent infection from RXToolbar.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove RXToolbar manually.

To completely remove RXToolbar malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with RXToolbar.

  1. Use Task Manager to terminate the RXToolbar process.
  2. Delete the original RXToolbar file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes RXToolbar from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of RXToolbar!



Vxidl.ACG Trojan

Vxidl.ACG malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Vxidl.ACG:

An up-to-date copy of ExterminateIt should detect and prevent infection from Vxidl.ACG.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Vxidl.ACG manually.

To completely remove Vxidl.ACG malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Vxidl.ACG.

  1. Use Task Manager to terminate the Vxidl.ACG process.
  2. Delete the original Vxidl.ACG file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Vxidl.ACG from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Vxidl.ACG!



Pigeon.EKY Trojan

Pigeon.EKY malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Pigeon.EKY:

An up-to-date copy of ExterminateIt should detect and prevent infection from Pigeon.EKY.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Pigeon.EKY manually.

To completely remove Pigeon.EKY malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Pigeon.EKY.

  1. Use Task Manager to terminate the Pigeon.EKY process.
  2. Delete the original Pigeon.EKY file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Pigeon.EKY from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Pigeon.EKY!



Win95.Zom Trojan

Win95.Zom malware description and removal detail
Categories: Trojan
Also known as:

[Kaspersky]Win95.Zom.4096.a;
[Computer Associates]Win95.Zom.4096.A,Win95/Z0mbie.4096

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Win95.Zom:

An up-to-date copy of ExterminateIt should detect and prevent infection from Win95.Zom.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Win95.Zom manually.

To completely remove Win95.Zom malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Win95.Zom.

  1. Use Task Manager to terminate the Win95.Zom process.
  2. Delete the original Win95.Zom file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Win95.Zom from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Win95.Zom!



Bancos.HGW Trojan

Bancos.HGW malware description and removal detail
Categories: Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Bancos.HGW:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bancos.HGW.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Bancos.HGW manually.

To completely remove Bancos.HGW malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Bancos.HGW.

  1. Use Task Manager to terminate the Bancos.HGW process.
  2. Delete the original Bancos.HGW file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Bancos.HGW from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Bancos.HGW!



Win32.PSW.Ges Trojan

Win32.PSW.Ges malware description and removal detail
Categories: Trojan
Also known as:

[Kaspersky]TrojanSpy.Win32.Sysbug;
[Panda]Trj/Sysbug.A;
[Computer Associates]Win32/LdPinch.G!PWS!Trojan,Win32.LdPinch.G

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Win32.PSW.Ges:

An up-to-date copy of ExterminateIt should detect and prevent infection from Win32.PSW.Ges.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Win32.PSW.Ges manually.

To completely remove Win32.PSW.Ges malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Win32.PSW.Ges.

  1. Use Task Manager to terminate the Win32.PSW.Ges process.
  2. Delete the original Win32.PSW.Ges file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Win32.PSW.Ges from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Win32.PSW.Ges!



Bat.Hommie Trojan

Bat.Hommie malware description and removal detail
Categories: Trojan, Backdoor, Downloader, DoS
Also known as:

[Kaspersky]BAT.IBBM.Homeslice;
[Panda]Trj/Bat.Gen

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Bat.Hommie:

An up-to-date copy of ExterminateIt should detect and prevent infection from Bat.Hommie.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Bat.Hommie manually.

To completely remove Bat.Hommie malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Bat.Hommie.

  1. Use Task Manager to terminate the Bat.Hommie process.
  2. Delete the original Bat.Hommie file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Bat.Hommie from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Bat.Hommie!



SSPPYY RAT

SSPPYY malware description and removal detail
Categories: RAT

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing SSPPYY:

An up-to-date copy of ExterminateIt should detect and prevent infection from SSPPYY.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove SSPPYY manually.

To completely remove SSPPYY malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with SSPPYY.

  1. Use Task Manager to terminate the SSPPYY process.
  2. Delete the original SSPPYY file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes SSPPYY from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of SSPPYY!



Qroject.MultiDownloader Downloader

Qroject.MultiDownloader malware description and removal detail
Categories: Downloader

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Qroject.MultiDownloader:

An up-to-date copy of ExterminateIt should detect and prevent infection from Qroject.MultiDownloader.

If you do not have ExterminateIt and you are worried that you may have an infected computer, you could run a trial version of ExterminateIt, or remove Qroject.MultiDownloader manually.

To completely remove Qroject.MultiDownloader malware from your computer manually, you need to delete the Windows registry keys and registry values, the files and folders associated with Qroject.MultiDownloader.

  1. Use Task Manager to terminate the Qroject.MultiDownloader process.
  2. Delete the original Qroject.MultiDownloader file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.

ExterminateIt effectively and automatically removes Qroject.MultiDownloader from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Qroject.MultiDownloader!



Winfixer.Installer Adware

Winfixer.Installer malware description and removal detail
Categories:Adware

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Winfixer.Installer:

Folders:
[%PROFILE_TEMP%]\NI.UGA6P_0001_N111M1707

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Winfixer.Installer:

An up-to-date copy of ExterminateIt should detect and prevent infection from Winfixer.Installer.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove Winfixer.Installer manually.

To remove Winfixer.Installer completely by hand, delete the Windows registry keys and registry values, files and folders associated with Winfixer.Installer.

  1. Use Task Manager to terminate the Winfixer.Installer process.
  2. Delete the original Winfixer.Installer file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Winfixer.Installer from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Winfixer.Installer!



PhactV Trojan

PhactV malware description and removal detail
Categories:Trojan
Also known as:

[McAfee]PhactV;
[Other]CryptCOM,Exploit.Java

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing PhactV:

An up-to-date copy of ExterminateIt should detect and prevent infection from PhactV.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove PhactV manually.

To remove PhactV completely by hand, delete the Windows registry keys and registry values, files and folders associated with PhactV.

  1. Use Task Manager to terminate the PhactV process.
  2. Delete the original PhactV file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes PhactV from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of PhactV!



Lemming Trojan

Lemming malware description and removal detail
Categories:Trojan,Backdoor,Downloader,DoS
Also known as:

[Kaspersky]Lemming.2144.a;
[McAfee]Lemming;
[Panda]Lemming.2144.1STG,Lemming.2160.1STG;
[Computer Associates]Lemming.2144,Lemming

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Lemming:

An up-to-date copy of ExterminateIt should detect and prevent infection from Lemming.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove Lemming manually.

To remove Lemming completely by hand, delete the Windows registry keys and registry values, files and folders associated with Lemming.

  1. Use Task Manager to terminate the Lemming process.
  2. Delete the original Lemming file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Lemming from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Lemming!



AntiSpyware.Soldier Adware

AntiSpyware.Soldier malware description and removal detail
Categories:Adware
Visible Symptoms:
Files in system folders:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Antispyware Soldier.lnk
[%DESKTOP%]\Antispyware Soldier.lnk
[%STARTUP%]\antispysoldier.lnk

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting AntiSpyware.Soldier:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Antispyware Soldier.lnk
[%DESKTOP%]\Antispyware Soldier.lnk
[%STARTUP%]\antispysoldier.lnk

Folders:
[%LOCAL_APPDATA%]\AntispywareSoldier
[%PROGRAM_FILES%]\Antispyware Soldier

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\antispyware soldier_is1

Removing AntiSpyware.Soldier:

An up-to-date copy of ExterminateIt should detect and prevent infection from AntiSpyware.Soldier.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove AntiSpyware.Soldier manually.

To remove AntiSpyware.Soldier completely by hand, delete the Windows registry keys and registry values, files and folders associated with AntiSpyware.Soldier.

  1. Use Task Manager to terminate the AntiSpyware.Soldier process.
  2. Delete the original AntiSpyware.Soldier file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes AntiSpyware.Soldier from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of AntiSpyware.Soldier!



NowBox Adware

NowBox malware description and removal detail
Categories:Adware,Hijacker
Visible Symptoms:
Files in system folders:
[%DESKTOP%]\nowbox.lnk
[%PROGRAMS%]\nowbox\nowbox.lnk
[%STARTUP%]\nowbox.lnk
[%SYSTEM%]\systrayuser.dll
[%WINDOWS%]\system\systrayuser.dll

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting NowBox:

Files:
[%DESKTOP%]\nowbox.lnk
[%PROGRAMS%]\nowbox\nowbox.lnk
[%STARTUP%]\nowbox.lnk
[%SYSTEM%]\systrayuser.dll
[%WINDOWS%]\system\systrayuser.dll

Folders:
[%PROFILE%]\start menu\programs\nowbox
[%PROGRAM_FILES%]\vflash

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{a0bd4ff5-d828-11d3-9eb5-00600837e6ee}
HKEY_CLASSES_ROOT\interface\{a0bd4ff6-d828-11d3-9eb5-00600837e6ee}
HKEY_CLASSES_ROOT\systrayuser.energenicsystrayuser
HKEY_CLASSES_ROOT\systrayuser.energenicsystrayuser.1
HKEY_CLASSES_ROOT\typelib\{a0bd4fe6-d828-11d3-9eb5-00600837e6ee}
HKEY_CURRENT_USER\software\valueflash
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9dc5d4a4-3f21-40e2-aaa5-000000000004}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\nowbox

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls

Removing NowBox:

An up-to-date copy of ExterminateIt should detect and prevent infection from NowBox.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove NowBox manually.

To remove NowBox completely by hand, delete the Windows registry keys and registry values, files and folders associated with NowBox.

  1. Use Task Manager to terminate the NowBox process.
  2. Delete the original NowBox file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes NowBox from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of NowBox!



MSN.Geef Trojan

MSN.Geef malware description and removal detail
Categories:Trojan,Backdoor,Hacker Tool
Also known as:

[Panda]Bck/MsnPSWRetrieval,Trojan Horse.LC;
[Computer Associates]Win32/MSN.Geef.A!PWS!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing MSN.Geef:

An up-to-date copy of ExterminateIt should detect and prevent infection from MSN.Geef.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove MSN.Geef manually.

To remove MSN.Geef completely by hand, delete the Windows registry keys and registry values, files and folders associated with MSN.Geef.

  1. Use Task Manager to terminate the MSN.Geef process.
  2. Delete the original MSN.Geef file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes MSN.Geef from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of MSN.Geef!



Win32.GWBoy Trojan

Win32.GWBoy malware description and removal detail
Categories:Trojan,Backdoor
Also known as:

[Eset]Win32/GWBoy trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Win32.GWBoy:

An up-to-date copy of ExterminateIt should detect and prevent infection from Win32.GWBoy.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove Win32.GWBoy manually.

To remove Win32.GWBoy completely by hand, delete the Windows registry keys and registry values, files and folders associated with Win32.GWBoy.

  1. Use Task Manager to terminate the Win32.GWBoy process.
  2. Delete the original Win32.GWBoy file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Win32.GWBoy from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Win32.GWBoy!



AQP Trojan

AQP malware description and removal detail
Categories:Trojan,Downloader
Visible Symptoms:
Files in system folders:
[%PROGRAM_FILES%]\Microsoft\svhost32.exe

To ensure that it is launched automatically each time the system is booted, AQP adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%PROGRAM_FILES%]\Microsoft\svhost32.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting AQP:

Files:
[%PROGRAM_FILES%]\Microsoft\svhost32.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing AQP:

An up-to-date copy of ExterminateIt should detect and prevent infection from AQP.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove AQP manually.

To remove AQP completely by hand, delete the Windows registry keys and registry values, files and folders associated with AQP.

  1. Use Task Manager to terminate the AQP process.
  2. Delete the original AQP file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes AQP from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of AQP!



Vxidl.ABV Trojan

Vxidl.ABV malware description and removal detail
Categories:Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Vxidl.ABV:

An up-to-date copy of ExterminateIt should detect and prevent infection from Vxidl.ABV.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove Vxidl.ABV manually.

To remove Vxidl.ABV completely by hand, delete the Windows registry keys and registry values, files and folders associated with Vxidl.ABV.

  1. Use Task Manager to terminate the Vxidl.ABV process.
  2. Delete the original Vxidl.ABV file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Vxidl.ABV from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Vxidl.ABV!



Systemdo Trojan

Systemdo malware description and removal detail
Categories:Trojan,Hacker Tool
Also known as:

[Panda]HLL.Gen,Trj/DUNPWS.GA,Trj/DUNPWS.GA.DLL;
[Computer Associates]Systemdo.A!PWS!Trojan,Win.PSW.Systemdo,Win32/Systemdo.A!PWS!Trojan,Win32/Systemdo.B!PWS!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing Systemdo:

An up-to-date copy of ExterminateIt should detect and prevent infection from Systemdo.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove Systemdo manually.

To remove Systemdo completely by hand, delete the Windows registry keys and registry values, files and folders associated with Systemdo.

  1. Use Task Manager to terminate the Systemdo process.
  2. Delete the original Systemdo file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Systemdo from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of Systemdo!



insightexpressai.com Tracking Cookie

insightexpressai.com malware description and removal detail
Categories:Tracking Cookie

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing insightexpressai.com:

An up-to-date copy of ExterminateIt should detect and prevent infection from insightexpressai.com.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove insightexpressai.com manually.

To remove insightexpressai.com completely by hand, delete the Windows registry keys and registry values, files and folders associated with insightexpressai.com.

  1. Use Task Manager to terminate the insightexpressai.com process.
  2. Delete the original insightexpressai.com file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes insightexpressai.com from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of insightexpressai.com!



TrojPredator Trojan

TrojPredator malware description and removal detail
Categories:Trojan
Also known as:

[Panda]Trj/Predator;
[Computer Associates]TrojPredator!Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing TrojPredator:

An up-to-date copy of ExterminateIt should detect and prevent infection from TrojPredator.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove TrojPredator manually.

To remove TrojPredator completely by hand, delete the Windows registry keys and registry values, files and folders associated with TrojPredator.

  1. Use Task Manager to terminate the TrojPredator process.
  2. Delete the original TrojPredator file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes TrojPredator from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of TrojPredator!



x86.remote.root Trojan

x86.remote.root malware description and removal detail
Categories:Trojan

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing x86.remote.root:

An up-to-date copy of ExterminateIt should detect and prevent infection from x86.remote.root.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove x86.remote.root manually.

To remove x86.remote.root completely by hand, delete the Windows registry keys and registry values, files and folders associated with x86.remote.root.

  1. Use Task Manager to terminate the x86.remote.root process.
  2. Delete the original x86.remote.root file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes x86.remote.root from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of x86.remote.root!



gffn.com Tracking Cookie

gffn.com malware description and removal detail
Categories:Tracking Cookie

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing gffn.com:

An up-to-date copy of ExterminateIt should detect and prevent infection from gffn.com.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove gffn.com manually.

To remove gffn.com completely by hand, delete the Windows registry keys and registry values, files and folders associated with gffn.com.

  1. Use Task Manager to terminate the gffn.com process.
  2. Delete the original gffn.com file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes gffn.com from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of gffn.com!



HTTP.RAT Backdoor

HTTP.RAT malware description and removal detail
Categories:Backdoor,RAT
Also known as:

[Kaspersky]Backdoor.Zombam.g,Backdoor.Zombam.h;
[McAfee]BackDoor-ASC.cfg;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Backdoor Program.LC;
[Computer Associates]Backdoor/Zombam.g!Server,Backdoor/Zombam.H!Server

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Removing HTTP.RAT:

An up-to-date copy of ExterminateIt should detect and prevent infection from HTTP.RAT.

If you do not have ExterminateIt and you are worried that your computer may be infected, you could run a trial version of ExterminateIt or remove HTTP.RAT manually.

To remove HTTP.RAT completely by hand, delete the Windows registry keys and registry values, files and folders associated with HTTP.RAT.

  1. Use Task Manager to terminate the HTTP.RAT process.
  2. Delete the original HTTP.RAT file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code, and refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes HTTP.RAT from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).

Download ExterminateIt! to instantly get rid of HTTP.RAT!

