Trojan Encyclopedia: Jan 3, 2009

Win32.QQRob Trojan

Win32.QQRob description
Also known as:


[Kaspersky]Trojan-PSW.Win32.QQRob.an,Trojan-PSW.Win32.QQRob.15,Trojan-PSW.Win32.QQRob.af;
[McAfee]PWS-QQRob;
[F-Prot]W32/QQRob.D@pws,W32/QQRob.A@pws,W32/QQRob.C@pws;
[Other]Troj/QQRob-AW,Troj/QQRob-CT,W32/QQRob.BZ

Categories:Trojan

The Win32.QQRob adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run [%SYSTEM%]\NTdhcp.exe [%SYSTEM%]\SVCHOT.exe

Platforms / OS: Windows 2000, Windows XP, Windows 2003, Windows Vista

`How to detecting Win32.QQRob:`

Search Files on the disk: [%SYSTEM%]\NTdhcp.exe [%SYSTEM%]\SVCHOT.exe [%SYSTEM%]\NTdhcp.exe [%SYSTEM%]\SVCHOT.exe

    Search registry values in system registry:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run  
   
How To Remove Win32.QQRob:
 You must download ExterminateIt. It can detect Win32.QQRob and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Win32.QQRob manually.
   Use Task Manager to terminate the Win32.QQRob process.
   Delete the original Win32.QQRob file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Win32.QQRob! 
  Check now if your PC is infected with Win32.QQRob 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Pigeon.EWU Trojan Symptoms
RedButton RAT Removal instruction
Removing Destruction DoS
SillyDl.CGL Trojan Information




0
comments





W95.Mssu Trojan



W95.Mssu description 
Also known as:

[McAfee]W95/Mssu;
[F-Prot]destructive program;
[Panda]Trj/W32.UrlKiller
Categories:Trojan  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove W95.Mssu:
 You must download ExterminateIt. It can detect W95.Mssu and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove W95.Mssu manually.
   Use Task Manager to terminate the W95.Mssu process.
   Delete the original W95.Mssu file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of W95.Mssu! 
  Check now if your PC is infected with W95.Mssu 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Remove Vxidl.AOW Trojan




0
comments











ID Backdoor



ID description 
Also known as:

[Kaspersky]Backdoor.Olinger;
[McAfee]Generic BackDoor.b;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program
Categories:Backdoor,RAT,Hacker Tool  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove ID:
 You must download ExterminateIt. It can detect ID and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove ID manually.
   Use Task Manager to terminate the ID process.
   Delete the original ID file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of ID! 
  Check now if your PC is infected with ID 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Remove MyCpMads.Browser.Optimiser BHO




0
comments











Vxidl.AMO Trojan



Vxidl.AMO description 
Categories:Trojan  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove Vxidl.AMO:
 You must download ExterminateIt. It can detect Vxidl.AMO and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Vxidl.AMO manually.
   Use Task Manager to terminate the Vxidl.AMO process.
   Delete the original Vxidl.AMO file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Vxidl.AMO! 
  Check now if your PC is infected with Vxidl.AMO 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Ala.Eh Trojan Removal
Removing APStrojan Trojan
Pigeon.AMD Trojan Removal
Delemon Trojan Removal




0
comments











Archive Trojan



Archive description 
Also known as:

[Eset]probably unknown COM.EXE virus,probably unknown CRYPT.COM.EXE virus;
[Panda]G2 RCK.371.RAK.519,Sucker.509,Univ;
[Computer Associates]Archive,Paradigm_13,PS-MPC,PS-MPC.490.D,PS-MPC.679
Categories:Trojan,Hacker Tool  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove Archive:
 You must download ExterminateIt. It can detect Archive and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Archive manually.
   Use Task Manager to terminate the Archive process.
   Delete the original Archive file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Archive! 
  Check now if your PC is infected with Archive 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Mini.Command.3a.beta Backdoor Removal instruction
Remove PSW.WAOL Trojan
Removing archive.org Tracking Cookie
PSW.PPort Trojan Symptoms




0
comments











VirusWizard Trojan



VirusWizard description 
Also known as:

[Computer Associates]Win32/VirusWizard.a
Categories:Trojan  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove VirusWizard:
 You must download ExterminateIt. It can detect VirusWizard and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove VirusWizard manually.
   Use Task Manager to terminate the VirusWizard process.
   Delete the original VirusWizard file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of VirusWizard! 
  Check now if your PC is infected with VirusWizard 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Remove Malum.ANBG Trojan
SpywareSecure Ransomware Information




0
comments











YDMusic Trojan



YDMusic description 
Categories:Trojan,Toolbar  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting YDMusic:
   Search registry keys in system registry:
HKEY_CLASSES_ROOT\clsid\{3e3db7f8-b26e-4a20-9749-cd3a92544108}
HKEY_CLASSES_ROOT\interface\{e878fa6f-eeed-40de-81d4-df4a176bf6e1}
HKEY_CLASSES_ROOT\typelib\{0e50173f-b6d3-4471-9454-f1f0dc8b8a6e}
HKEY_CLASSES_ROOT\ydmusic.toolband
HKEY_CLASSES_ROOT\ydmusic.toolband.1  
  Search registry values in system registry:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar  
   
How To Remove YDMusic:
 You must download ExterminateIt. It can detect YDMusic and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove YDMusic manually.
   Use Task Manager to terminate the YDMusic process.
   Delete the original YDMusic file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of YDMusic! 
  Check now if your PC is infected with YDMusic 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Pigeon.AVUK Trojan Removal
Net.Raider Trojan Information
Win32.Drox Trojan Removal
Generic.Downlaoder.bl Downloader Cleaner
Pigeon.AVPW Trojan Cleaner




0
comments











VBS Trojan



VBS description 
Categories:Trojan,Worm,Downloader  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove VBS:
 You must download ExterminateIt. It can detect VBS and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove VBS manually.
   Use Task Manager to terminate the VBS process.
   Delete the original VBS file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of VBS! 
  Check now if your PC is infected with VBS 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
QNPC.Thief Trojan Cleaner
Medusa Backdoor Information
Removing ej Adware
Intended.Holzner Trojan Cleaner




0
comments











lst.Bar.gen Downloader



lst.Bar.gen description 
Categories:Downloader  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove lst.Bar.gen:
 You must download ExterminateIt. It can detect lst.Bar.gen and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove lst.Bar.gen manually.
   Use Task Manager to terminate the lst.Bar.gen process.
   Delete the original lst.Bar.gen file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of lst.Bar.gen! 
  Check now if your PC is infected with lst.Bar.gen 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Cydoor Adware Removal
NJStar.Asian.Explorer BHO Information
Murder.Inc.Bomber DoS Removal




0
comments











MasterBar BHO



MasterBar description 
Categories:BHO,Hijacker  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting MasterBar:
   Search registry keys in system registry:
HKEY_CLASSES_ROOT\typelib\{6c0c5390-a963-4d98-94ad-a78f8236841e}
HKEY_CURRENT_USER\software\masterbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\masterbarhallmedia.net  
  Search registry values in system registry:
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser  
   
How To Remove MasterBar:
 You must download ExterminateIt. It can detect MasterBar and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove MasterBar manually.
   Use Task Manager to terminate the MasterBar process.
   Delete the original MasterBar file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of MasterBar! 
  Check now if your PC is infected with MasterBar 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Popfif Trojan Information




0
comments











Dreathmin Trojan



Dreathmin description 
Also known as:

[Panda]Trojan Horse.LC;
[Computer Associates]Win32/Dreathmin!PWS!Trojan
Categories:Trojan,Hacker Tool  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove Dreathmin:
 You must download ExterminateIt. It can detect Dreathmin and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Dreathmin manually.
   Use Task Manager to terminate the Dreathmin process.
   Delete the original Dreathmin file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Dreathmin! 
  Check now if your PC is infected with Dreathmin 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Removing Bancos.HCC Trojan
ShopNav BHO Information
Sypofox Trojan Removal instruction
Bancos.GWY Trojan Removal instruction




0
comments











Mirgun Trojan



Mirgun description 
Categories:Trojan,Hacker Tool  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting Mirgun:
  Search Folders on the disk:  
[%PROGRAM_FILES%]\mirgun  
     
How To Remove Mirgun:
 You must download ExterminateIt. It can detect Mirgun and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Mirgun manually.
   Use Task Manager to terminate the Mirgun process.
   Delete the original Mirgun file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Mirgun! 
  Check now if your PC is infected with Mirgun 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Zlob.ht Downloader Removal
AppCap Trojan Information
Nedsym Trojan Information




0
comments











SdBot.gw Trojan



SdBot.gw description 
Also known as:

[Kaspersky]Backdoor.SdBot.ii;
[Eset]IRC/SdBot.AQU trojan,IRC/SdBot.AVL trojan;
[Computer Associates]Backdoor/SDBot.05.A.Server,Win32.Sdbot.39424.B
Categories:Trojan,Backdoor  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove SdBot.gw:
 You must download ExterminateIt. It can detect SdBot.gw and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove SdBot.gw manually.
   Use Task Manager to terminate the SdBot.gw process.
   Delete the original SdBot.gw file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of SdBot.gw! 
  Check now if your PC is infected with SdBot.gw 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Remove Sylvia.Hong.Kong Trojan
Remove Cyko DoS
Removing Pigeon.ADH Trojan
NaughtyPops Adware Removal
Agobot.bh Trojan Removal instruction




0
comments











Readme.txt Trojan



Readme.txt description 
Categories:Trojan  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove Readme.txt:
 You must download ExterminateIt. It can detect Readme.txt and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Readme.txt manually.
   Use Task Manager to terminate the Readme.txt process.
   Delete the original Readme.txt file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Readme.txt! 
  Check now if your PC is infected with Readme.txt 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Removing Remote.Control.System RAT
Pigeon.AKQ Trojan Symptoms




0
comments











Gigex.SpeedDelivery Hijacker



Gigex.SpeedDelivery description 
Categories:Hijacker  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting Gigex.SpeedDelivery:
   Search registry keys in system registry:
HKEY_CLASSES_ROOT\clsid\{6d5fcfcb-fa6c-4cfb-9918-5f0a9f7365f2}
HKEY_CLASSES_ROOT\gigexagent.gigexctrl
HKEY_CLASSES_ROOT\gigexagent.gigexctrl.1
HKEY_CLASSES_ROOT\interface\{c3b2b2af-e11c-4ec5-a9ac-6189992758d8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\gigexagent.dll
HKEY_CLASSES_ROOT\clsid\{a7798d6c-c6b5-4f26-9363-f7cdbbffa607}
HKEY_CLASSES_ROOT\vxpspeeddelivery.download
HKEY_CLASSES_ROOT\vxpspeeddelivery.download.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\gigexagent.dll  
  Search registry values in system registry:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls  
   
How To Remove Gigex.SpeedDelivery:
 You must download ExterminateIt. It can detect Gigex.SpeedDelivery and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Gigex.SpeedDelivery manually.
   Use Task Manager to terminate the Gigex.SpeedDelivery process.
   Delete the original Gigex.SpeedDelivery file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Gigex.SpeedDelivery! 
  Check now if your PC is infected with Gigex.SpeedDelivery 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Dimnit Trojan Removal
Vxidl.AJJ Trojan Cleaner




0
comments











FlexiSpy Spyware



FlexiSpy description 
Categories:Spyware  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove FlexiSpy:
 You must download ExterminateIt. It can detect FlexiSpy and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove FlexiSpy manually.
   Use Task Manager to terminate the FlexiSpy process.
   Delete the original FlexiSpy file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of FlexiSpy! 
  Check now if your PC is infected with FlexiSpy 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Moisho Trojan Symptoms




0
comments











MetaDirect.Keyword Adware



MetaDirect.Keyword description 
Also known as:

[Panda]Spyware/Overpro
Categories:Adware  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting MetaDirect.Keyword:
Search Files on the disk:
[%PROGRAM_FILES%]\DownloadManager\insdl.dll
[%PROGRAM_FILES%]\MediaPipe\register.dll
[%SYSTEM%]\config\systemprofile\Local Settings\Temp\nsdtmp09.dll
[%WINDOWS%]\Temp\nsdtmp09.dll
[%PROGRAM_FILES%]\DownloadManager\insdl.dll
[%PROGRAM_FILES%]\MediaPipe\register.dll
[%SYSTEM%]\config\systemprofile\Local Settings\Temp\nsdtmp09.dll
[%WINDOWS%]\Temp\nsdtmp09.dll
      
How To Remove MetaDirect.Keyword:
 You must download ExterminateIt. It can detect MetaDirect.Keyword and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove MetaDirect.Keyword manually.
   Use Task Manager to terminate the MetaDirect.Keyword process.
   Delete the original MetaDirect.Keyword file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of MetaDirect.Keyword! 
  Check now if your PC is infected with MetaDirect.Keyword 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
VBS.Yonis:intended Trojan Information
Removing Tonerok Backdoor
Remove Puddy Trojan




0
comments











WarPigs.C Trojan



WarPigs.C description 
Categories:Trojan,Backdoor  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove WarPigs.C:
 You must download ExterminateIt. It can detect WarPigs.C and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove WarPigs.C manually.
   Use Task Manager to terminate the WarPigs.C process.
   Delete the original WarPigs.C file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of WarPigs.C! 
  Check now if your PC is infected with WarPigs.C 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Bancos.IDX Trojan Removal instruction
Banker.CNX Trojan Symptoms




0
comments











Hbot Backdoor



Hbot description 
Also known as:

[Kaspersky]Backdoor.Win32.HacPing,Backdoor.Win32.HacPing.d;
[Other]Win32/Hbot,Win32/Hbot.B
Categories:Backdoor  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove Hbot:
 You must download ExterminateIt. It can detect Hbot and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Hbot manually.
   Use Task Manager to terminate the Hbot process.
   Delete the original Hbot file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Hbot! 
  Check now if your PC is infected with Hbot 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Bancos.AAF Trojan Information
Removing Pigeon.AVKH Trojan




0
comments











Web.Buying Adware



Web.Buying description 
Also known as:

[Kaspersky]AdWare.Win32.Agent.co;
[McAfee]Adware-WebBuying;
[F-Prot]W32/Trojan.AQIP;
[Other]Adware.Webbuy,W32/Malware.XAB
Categories:Adware The Web.Buying adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%PROFILE_TEMP%]\uf184.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe  
Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting Web.Buying:
Search Files on the disk:
[%PROFILE_TEMP%]\uf184.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe
[%SYSTEM%]\gawgvet.dll
[%SYSTEM%]\uyyyixi.dll
[%SYSTEM%]\fhyjmff.dll
[%SYSTEM%]\miciwqo.dll
[%PROFILE_TEMP%]\uf184.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe
[%SYSTEM%]\gawgvet.dll
[%SYSTEM%]\uyyyixi.dll
[%SYSTEM%]\fhyjmff.dll
[%SYSTEM%]\miciwqo.dll
   Search Folders on the disk:  
[%PROGRAM_FILES%]\Web Buying  
   Search registry keys in system registry:
HKEY_CURRENT_USER\software\webbuying
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webbuying
HKEY_CLASSES_ROOT\clsid\{1128bc62-a090-448c-a6ee-87da4a67b352}
HKEY_CLASSES_ROOT\clsid\{11deda8c-6d8f-4e48-83a1-0090346343b3}
HKEY_CLASSES_ROOT\clsid\{148d6fbc-7401-4e01-b73a-bf6e0cafb687}
HKEY_CLASSES_ROOT\clsid\{4e84ad61-31d1-406f-8e90-2ab3521efc97}
HKEY_CLASSES_ROOT\clsid\{7386ad62-3ad1-4afa-813c-67d97c4d1403}
HKEY_CLASSES_ROOT\clsid\{8d8800a6-362e-435b-8715-faa40eb3dcfd}
HKEY_CLASSES_ROOT\clsid\{c926ba1c-8ba4-4140-903c-6e6e2db0ec24}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1128bc62-a090-448c-a6ee-87da4a67b352}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{11deda8c-6d8f-4e48-83a1-0090346343b3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{148d6fbc-7401-4e01-b73a-bf6e0cafb687}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e84ad61-31d1-406f-8e90-2ab3521efc97}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7386ad62-3ad1-4afa-813c-67d97c4d1403}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c926ba1c-8ba4-4140-903c-6e6e2db0ec24}  
  Search registry values in system registry:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CLASSES_ROOT\clsid\{0bab8b9c-713c-4d25-9f75-a1b464166d72}\inprocserver32
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run  
   
How To Remove Web.Buying:
 You must download ExterminateIt. It can detect Web.Buying and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Web.Buying manually.
   Use Task Manager to terminate the Web.Buying process.
   Delete the original Web.Buying file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Web.Buying! 
  Check now if your PC is infected with Web.Buying 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Abwiz.F Trojan Cleaner




0
comments











VB.pq Backdoor



VB.pq description 
Categories:Backdoor  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove VB.pq:
 You must download ExterminateIt. It can detect VB.pq and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove VB.pq manually.
   Use Task Manager to terminate the VB.pq process.
   Delete the original VB.pq file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of VB.pq! 
  Check now if your PC is infected with VB.pq 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Removing Pigeon.AVB Trojan
Surfer Trojan Cleaner
Remove BAT.Orag Trojan
Removing WWW.Angelfire Tracking Cookie




0
comments











Bancos.GII Trojan



Bancos.GII description 
Categories:Trojan  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove Bancos.GII:
 You must download ExterminateIt. It can detect Bancos.GII and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove Bancos.GII manually.
   Use Task Manager to terminate the Bancos.GII process.
   Delete the original Bancos.GII file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of Bancos.GII! 
  Check now if your PC is infected with Bancos.GII 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
LameToy Trojan Removal instruction
Bat.PWS.Myss Trojan Information
FillFiles Trojan Symptoms
IRC.SdBot.generic Trojan Symptoms
WM.Remote.KeyLogger Trojan Information




0
comments











PeopleOnPage.Apropos BHO



PeopleOnPage.Apropos description 
Categories:BHO,Hijacker The PeopleOnPage.Apropos adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%PROFILE_TEMP%]\cxtpls_loader.exe
[%SYSTEM%]\cicmp13n.exe
[%SYSTEM%]\cnekpart.exe
[%SYSTEM%]\subup.exe
[%SYSTEM%]\wmvi32.exe
[%PROFILE%]\apropos_client_loader.exe
[%PROFILE_TEMP%]\wk_122.exe
[%PROFILE_TEMP%]\wk_123.exe
[%PROFILE_TEMP%]\wk_12a.exe
[%PROFILE_TEMP%]\wk_12b.exe
[%PROFILE_TEMP%]\wk_12d.exe
[%PROFILE_TEMP%]\wk_13a.exe
[%PROFILE_TEMP%]\wk_395.exe
[%PROFILE_TEMP%]\~compoundinst0\auto_update_loader.exe
[%SYSTEM%]\internetfeatures.exe
[%SYSTEM%]\ulioci.exe
[%WINDOWS%]\downloaded program files\monpop.exe
[%WINDOWS%]\downloaded program files\popsrv225.exe  
Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
How to detecting PeopleOnPage.Apropos:
Search Files on the disk:
[%PROFILE_TEMP%]\cxtpls_loader.exe
[%PROGRAM_FILES%]\Aprps\libexpat.dll
[%SYSTEM%]\cicmp13n.exe
[%SYSTEM%]\cnekpart.exe
[%SYSTEM%]\subup.exe
[%SYSTEM%]\wmvi32.exe
[%WINDOWS%]\downloaded program files\pop.inf
[%PROFILE%]\apropos_client_loader.exe
[%PROFILE_TEMP%]\wk_122.exe
[%PROFILE_TEMP%]\wk_123.exe
[%PROFILE_TEMP%]\wk_12a.exe
[%PROFILE_TEMP%]\wk_12b.exe
[%PROFILE_TEMP%]\wk_12d.exe
[%PROFILE_TEMP%]\wk_13a.exe
[%PROFILE_TEMP%]\wk_395.exe
[%PROFILE_TEMP%]\~compoundinst0\auto_update_loader.exe
[%SYSTEM%]\internetfeatures.exe
[%SYSTEM%]\ulioci.exe
[%WINDOWS%]\downloaded program files\monpop.exe
[%WINDOWS%]\downloaded program files\mybutton.swf
[%WINDOWS%]\downloaded program files\pop225.dll
[%WINDOWS%]\downloaded program files\pophook4.dll
[%WINDOWS%]\downloaded program files\popsrv225.exe
[%PROFILE_TEMP%]\cxtpls_loader.exe
[%PROGRAM_FILES%]\Aprps\libexpat.dll
[%SYSTEM%]\cicmp13n.exe
[%SYSTEM%]\cnekpart.exe
[%SYSTEM%]\subup.exe
[%SYSTEM%]\wmvi32.exe
[%WINDOWS%]\downloaded program files\pop.inf
[%PROFILE%]\apropos_client_loader.exe
[%PROFILE_TEMP%]\wk_122.exe
[%PROFILE_TEMP%]\wk_123.exe
[%PROFILE_TEMP%]\wk_12a.exe
[%PROFILE_TEMP%]\wk_12b.exe
[%PROFILE_TEMP%]\wk_12d.exe
[%PROFILE_TEMP%]\wk_13a.exe
[%PROFILE_TEMP%]\wk_395.exe
[%PROFILE_TEMP%]\~compoundinst0\auto_update_loader.exe
[%SYSTEM%]\internetfeatures.exe
[%SYSTEM%]\ulioci.exe
[%WINDOWS%]\downloaded program files\monpop.exe
[%WINDOWS%]\downloaded program files\mybutton.swf
[%WINDOWS%]\downloaded program files\pop225.dll
[%WINDOWS%]\downloaded program files\pophook4.dll
[%WINDOWS%]\downloaded program files\popsrv225.exe
   Search Folders on the disk:  
[%PROFILE_TEMP%]\autoupdate0
[%PROGRAM_FILES%]\aprps
[%PROGRAM_FILES%]\cxtpls
[%APPDATA%]\pop!
[%PROGRAM_FILES%]\aproposclient  
   Search registry keys in system registry:
HKEY_CLASSES_ROOT\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9}
HKEY_CLASSES_ROOT\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212}
HKEY_CLASSES_ROOT\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
HKEY_CLASSES_ROOT\interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe}
HKEY_CLASSES_ROOT\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}
HKEY_CLASSES_ROOT\interface\{a7d0472e-c1fc-4d8f-aba1-98a7692561bf}
HKEY_CLASSES_ROOT\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}
HKEY_CURRENT_USER\software\apropos
HKEY_LOCAL_MACHINE\software\aprps
HKEY_LOCAL_MACHINE\Software\AutoLoader
HKEY_LOCAL_MACHINE\SOFTWARE\Envolo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient
HKEY_CLASSES_ROOT\apropos.client
HKEY_CLASSES_ROOT\apropos.client.1.1
HKEY_CLASSES_ROOT\clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}
HKEY_CLASSES_ROOT\clsid\{645fd3bc-c314-4f7a-9d2e-64d62a0fdd78}
HKEY_CLASSES_ROOT\clsid\{65c8c1f5-230e-4dc9-9a0d-f3159a5e7778}
HKEY_CLASSES_ROOT\clsid\{8023a3e7-ab95-4c23-8313-0be9842cc70e}
HKEY_CLASSES_ROOT\clsid\{976c4e11-b9c5-4b2b-97ef-f7d06ba4242f}
HKEY_CLASSES_ROOT\clsid\{a2872b10-39f2-42df-9335-7dd38cf75255}
HKEY_CLASSES_ROOT\clsid\{a4a58a2c-b039-432b-8bc1-dca7ac0757dc}
HKEY_CLASSES_ROOT\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}
HKEY_CLASSES_ROOT\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}
HKEY_CLASSES_ROOT\clsid\{d5580d6f-0e5f-4bdb-9cdf-f8ee68beb008}
HKEY_CLASSES_ROOT\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}
HKEY_CLASSES_ROOT\pop.server
HKEY_CLASSES_ROOT\pop.server.1
HKEY_CURRENT_USER\software\pop
HKEY_LOCAL_MACHINE\software\apropos
HKEY_LOCAL_MACHINE\software\autoloader
HKEY_LOCAL_MACHINE\software\classes\apropos.client
HKEY_LOCAL_MACHINE\software\classes\apropos.client.1.1
HKEY_LOCAL_MACHINE\software\classes\pop.server\clsid
HKEY_LOCAL_MACHINE\software\classes\pop.server\curver
HKEY_LOCAL_MACHINE\software\cvttsacsmv39
HKEY_LOCAL_MACHINE\software\envolo
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{d5580d6f-0e5f-4bdb-9cdf-f8ee68beb008}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\aprload.bin
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\load.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\pop225.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\pophook4.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\popsrv225.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\aproposclient
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pop
HKEY_LOCAL_MACHINE\software\pop
HKEY_USERS\.default\software\microsoft\windows\currentversion\internet settings\zonemap\domains\apropos-media.com  
  Search registry values in system registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CLASSES_ROOT\clsid
HKEY_CURRENT_USER\clsid
HKEY_CURRENT_USER\software\classes\clsid
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\pop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\pop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/monpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/monpop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pop225.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pop225.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pophook4.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/pophook4.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/popsrv225.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/popsrv225.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls  
   
How To Remove PeopleOnPage.Apropos:
 You must download ExterminateIt. It can detect PeopleOnPage.Apropos and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove PeopleOnPage.Apropos manually.
   Use Task Manager to terminate the PeopleOnPage.Apropos process.
   Delete the original PeopleOnPage.Apropos file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of PeopleOnPage.Apropos! 
  Check now if your PC is infected with PeopleOnPage.Apropos 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
TrojanDropper.Win32.VB.bk Trojan Removal




0
comments











FoxEyes Trojan



FoxEyes description 
Also known as:

[Kaspersky]Backdoor.FoxEyes.30,Backdoor.FoxEyes.20;
[McAfee]BackDoor-WA;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/FoxEyes.30,Trj/W32.FoxHand;
[Computer Associates]Backdoor/FoxEyes.30!Server,Backdoor/FoxEyes.20!Server
Categories:Trojan,Backdoor,RAT  Platforms / OS:  Windows 2000, Windows XP, Windows 2003, Windows Vista
 
How To Remove FoxEyes:
 You must download ExterminateIt. It can detect FoxEyes and prevent infection.
   You can run trial version of ExterminateIt to detect,and then remove FoxEyes manually.
   Use Task Manager to terminate the FoxEyes process.
   Delete the original FoxEyes file and folders.
  Delete the system registry key parameters
 
 Note that the easiest way is to buy antivirus software and be protected 24/7/365 
 This antivirus,    ExterminateIt effectively and automatically removes viruses from you computer. 
     Download ExterminateIt! to instantly get rid of FoxEyes! 
  Check now if your PC is infected with FoxEyes 
     You can buy full version of ExterminateIt     at RegNow.com. 
 
 Also Be Aware of the Following Threats:
Pixel.Hydra Trojan Information




0
comments




Jan 4, 2009


Jan 2, 2009

Home




Subscribe to:
Posts (Atom)

How to detecting Win32.QQRob:

How To Remove Win32.QQRob:

How To Remove W95.Mssu:

How To Remove ID:

How To Remove Vxidl.AMO:

How To Remove Archive:

How To Remove VirusWizard:

How to detecting YDMusic:

How To Remove YDMusic:

How To Remove VBS:

How To Remove lst.Bar.gen:

How to detecting MasterBar:

How To Remove MasterBar:

How To Remove Dreathmin:

How to detecting Mirgun:

How To Remove Mirgun:

How To Remove SdBot.gw:

How To Remove Readme.txt:

How to detecting Gigex.SpeedDelivery:

How To Remove Gigex.SpeedDelivery:

How To Remove FlexiSpy:

How to detecting MetaDirect.Keyword:

How To Remove MetaDirect.Keyword:

How To Remove WarPigs.C:

How To Remove Hbot:

How to detecting Web.Buying:

How To Remove Web.Buying:

How To Remove VB.pq:

How To Remove Bancos.GII:

How to detecting PeopleOnPage.Apropos:

How To Remove PeopleOnPage.Apropos:

How To Remove FoxEyes:

Blog Archive

System Administrator Search

Subscribe To

New York Times: World News

`How to detecting Win32.QQRob:`

`How to detecting Web.Buying:`

`How to detecting PeopleOnPage.Apropos:`