Manual Removal Guide for Toolbar.DefaultTab

The following instructions have been created to help you to get rid of "Toolbar.DefaultTab" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • pups
  • bho

Description:
Toolbar.DefaultTab installs a Browser Helper Object (BHO), an updating service and associated toolbar files into the application files directory.
Privacy Statement:
http://www.mysearchresults.com/privacy-policy
Links (be careful!):
  • http://corp.mysearchresults.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "DefaultTab.xpi".
  • The file at "<$APPDATA>\defaulttab\defaulttab\addon.ico".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DefaultTabBHO.dll".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DefaultTabStart.exe".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DefaultTabStart64.exe".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DefaultTabUninstaller.exe".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DefaultTabWrap.dll".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DefaultTabWrap64.dll".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DT.ico".
  • The file at "<$APPDATA>\defaulttab\defaulttab\DTUpdate.exe".
  • The file at "<$APPDATA>\defaulttab\defaulttab\searchhere.ico".
  • The file at "<$APPDATA>\defaulttab\defaulttab\uninstalldt.exe".
  • The file at "<$LOCALSETTINGS>\Temp\installdt.tmp\DefaultTab.xpi".
Make sure you set your file manager to display hidden and system files. If Toolbar.DefaultTab uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\defaulttab\defaulttab".
  • The directory at "<$APPDATA>\defaulttab".
  • The directory at "<$LOCALSETTINGS>\Temp\installdt.tmp".
Make sure you set your file manager to display hidden and system files. If Toolbar.DefaultTab uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{7F6AFBF1-E065-4627-A2FD-810366367D01}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{7F6AFBF1-E065-4627-A2FD-810366367D01}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
  • Delete the registry key "{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\".
  • Delete the registry key "{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "Default tab" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "DefaultTab" at "HKEY_CURRENT_USER\Software\AppDataLow\Software\".
  • Delete the registry key "Defaulttab" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "DefaultTabBHO.DefaultTabBrowser.1" at "HKEY_CLASSES_ROOT".
  • Delete the registry key "DefaultTabBHO.DefaultTabBrowser" at "HKEY_CLASSES_ROOT".
  • Delete the registry key "DefaultTabBHO.DefaultTabBrowserActiveX.1" at "HKEY_CLASSES_ROOT".
  • Delete the registry key "DefaultTabBHO.DefaultTabBrowserActiveX" at "HKEY_CLASSES_ROOT".
  • Delete the registry key "DefaultTabBHO.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "DefaultTabUpdate" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "DefaultTabUpdate" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "DefaultTabUpdate" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
If Toolbar.DefaultTab uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance.
  2. Then start your own thread in the Malware Removal Forum, where a volunteer analyst will advise you as soon as one is available.

Manual Removal Guide for ToolBar.APN

The following instructions have been created to help you to get rid of "ToolBar.APN" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:
  • pups

Description:
ToolBar.APN installs the Teoma search extension and associated AskPartnerNetwork toolbar files into the program files directory.
Links (be careful!):
  • https://www.teoma.com
  • http://help.teoma.com/ics/support/splash.asp

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "AskToolbarInstaller-12.45.0_ARS2-TMG.msi".
  • A file with an unknown location named "toolbar_TeoMediaTB@apn.ask.com.xpi".
  • The file at "<$COMMONAPPDATA>\AskPartnerNetwork\Toolbar\Shared\CRX\fhnobihfdnklhoilcilfogdcegekpgfn.crx".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\apnmcp.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\BrowserHost.dll".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\DeskBar.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\searchhook.dll".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\ServiceLocator.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\SO.dll".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\toolbar.dll".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\Toolbar.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\toolbar_x64.dll".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\ToolbarPS.dll".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\TopSitesRT.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\UpdateManager.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\Updater\tbnhlpr.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe".
  • The file at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe".
Make sure you set your file manager to display hidden and system files. If ToolBar.APN uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\fhnobihfdnklhoilcilfogdcegekpgfn\135.6_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\fhnobihfdnklhoilcilfogdcegekpgfn".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\fhnobihfdnklhoilcilfogdcegekpgfn".
  • The directory at "<$PROGRAMFILES>\AskPartnerNetwork\ChromeUtils".
  • The directory at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar\Updater".
  • The directory at "<$PROGRAMFILES>\AskPartnerNetwork\Toolbar".
  • The directory at "<$PROGRAMFILES>\AskPartnerNetwork".
Make sure you set your file manager to display hidden and system files. If ToolBar.APN uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance.
  2. Then start your own thread in the Malware Removal Forum, where a volunteer analyst will advise you as soon as one is available.

Manual Removal Guide for PU.AutoComplete

The following instructions have been created to help you to get rid of "PU.AutoComplete" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:
  • pups
  • bho

Description:
PU.AutoComplete is a BHO without benefit for the user. It also changes the starting page to http://search.autocompletepro.com. When you use this search engine every result is modified and includes a referral link to http://www.css.infospace.com.
Links (be careful!):
  • http://search.autocompletepro.com
  • http://www.7art-screensavers.com

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "7art vitality_clock Screensaver_is1".
  • Products that have a key or property named "AutocompletePro3_is1".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$APPDATA>\7art\vitality_clock\unins000.exe".
  • The file at "<$DESKTOP>\7art screensavers.url".
  • The file at "<$DESKTOP>\Run vitality_clock.lnk".
  • The file at "<$PROGRAMFILES>\AutocompletePro\64\AutocompletePro64.dll".
  • The file at "<$PROGRAMFILES>\AutocompletePro\chrome\autocompleteprochrome.crx".
  • The file at "<$PROGRAMFILES>\AutocompletePro\ChromeSetSearchInBrowser.exe".
  • The file at "<$PROGRAMFILES>\AutocompletePro\FireFoxExtension.exe".
  • The file at "<$PROGRAMFILES>\AutocompletePro\InstTracker.exe".
  • The file at "<$PROGRAMFILES>\AutocompletePro\unins000.exe".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\searchplugins\acpro.xml".
  • The file at "<$WINDIR>\vitality_clock.scr".
Make sure you set your file manager to display hidden and system files. If PU.AutoComplete uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\AutocompletePro".
Make sure you set your file manager to display hidden and system files. If PU.AutoComplete uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "AutocompletePro.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "Autocompletepro" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry value "SCRNSAVE.EXE=C:\WINDOWS\VITALI~1.SCR" at "HKEY_CURRENT_USER\Control Panel\Desktop\".
If PU.AutoComplete uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.
  • Please check your bookmarks for links to "http://search.autocompletepro.com/*".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance.
  2. Then start your own thread in the Malware Removal Forum, where a volunteer analyst will advise you as soon as one is available.

Manual Removal Guide for PU.Auslogics.TB

The following instructions have been created to help you to get rid of "PU.Auslogics.TB" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:
  • pups

Description:
PU.Auslogics.TB is a program that tries to improve your system speed and update your system drivers. After it detects possible stability problems it only fixes them if the user purchases a license.
Cost: Different packages, full suite costs $99.95 (December 2016) for 3 months.
Links (be careful!):
  • http://www.auslogics.com/
  • http://www.tweakbit.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$DESKTOP>\TweakBit PCRepairKit.lnk".
  • The file at "<$LOCALSETTINGS>\Temp\_Del_pc-repair-kit-setup\GASender.exe".
  • The file at "<$LOCALSETTINGS>\Temp\_Del_pc-repair-kit-setup\GoogleAnalyticsHelper.dll".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\Downloader.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\GASender.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\GoogleAnalyticsHelper.dll".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\PCRepairKit.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\rdboot32.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\RegistryDefrag.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\RescueCenter.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\SendDebugLog.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\StartupManager.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\TaskManager.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\TweakManager.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\unins000.exe".
  • The file at "<$PROGRAMFILES>\TweakBit\PCRepairKit\UninstallManager.exe".
Make sure you set your file manager to display hidden and system files. If PU.Auslogics.TB uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$COMMONAPPDATA>\TweakBit\PCRepairKit".
  • The directory at "<$COMMONPROGRAMS>\TweakBit\PCRepairKit".
  • The directory at "<$LOCALSETTINGS>\Temp\_Del_pc-repair-kit-setup".
  • The directory at "<$PROGRAMFILES>\TweakBit\PCRepairKit".
Make sure you set your file manager to display hidden and system files. If PU.Auslogics.TB uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{CA7C4C80-24B8-4027-8849-0C302333C427}_is1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "PCRepairKit" at "HKEY_LOCAL_MACHINE\SOFTWARE\TweakBit\".
If PU.Auslogics.TB uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance.
  2. Then start your own thread in the Malware Removal Forum, where a volunteer analyst will advise you as soon as one is available.

Manual Removal Guide for Ad.Hiru

The following instructions have been created to help you to get rid of "Ad.Hiru" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:
  • adware

Description:
Ad.Hiru creates a URL link on the desktop that links to 'hi.ru'. It also installs into the program files directory after adding a Russian search extension to Google Chrome.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$DESKTOP>\Internet Search.URL".
Make sure you set your file manager to display hidden and system files. If Ad.Hiru uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\Hiru".
Make sure you set your file manager to display hidden and system files. If Ad.Hiru uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "Hiru" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "imhlianhlhdicjchlbmbfaefhhjencbe" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
If Ad.Hiru uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance.
  2. Then start your own thread in the Malware Removal Forum, where a volunteer analyst will advise you as soon as one is available.

Manual Removal Guide for Ad.BrowseSmart

The following instructions have been created to help you to get rid of "Ad.BrowseSmart" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:
  • adware
  • cookie

Description:
Ad.BrowseSmart claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Links (be careful!):
  • http://browsesmart.net
  • http://www.browsesmart.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmart.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmartBA.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmartBAApp.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\BrowseSmartBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BrowserFilter.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.BRT.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\plugins\BrowseSmart.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\bin\utilBrowseSmart.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\BrowseSmart.Common.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\BrowseSmart.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\BrowseSmart.ico".
  • The file at "<$PROGRAMFILES>\BrowseSmart\BrowseSmartBHO.dll".
  • The file at "<$PROGRAMFILES>\BrowseSmart\BrowseSmartuninstall.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\ippenodjaoidmkkfdlmdhofiebnpjddb.crx".
  • The file at "<$PROGRAMFILES>\BrowseSmart\updateBrowseSmart.exe".
  • The file at "<$PROGRAMFILES>\BrowseSmart\updater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.BrowseSmart uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb".
  • The directory at "<$PROGRAMFILES>\BrowseSmart\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BrowseSmart\bin".
  • The directory at "<$PROGRAMFILES>\BrowseSmart".
Make sure you set your file manager to display hidden and system files. If Ad.BrowseSmart uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{392DE650-A1E6-4FB3-A5A4-21285DE225BD}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{B463ECD2-E5D8-4178-80C4-EC7C7E72F9AC}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{ffbb88a9-c663-4b9b-9170-70fa0a5a2786}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{ffbb88a9-c663-4b9b-9170-70fa0a5a2786}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "BrowseSmart" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BrowseSmart" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BrowseSmart" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BrowseSmart" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BrowseSmart" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BrowseSmart\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BrowseSmart\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BrowseSmart\".
If Ad.BrowseSmart uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance.
  2. Then start your own thread in the Malware Removal Forum, where a volunteer analyst will advise you as soon as one is available.

Manual Removal Guide for Ad.RightSurf

The following instructions have been created to help you to get rid of "Ad.RightSurf" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.RightSurf is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
  • http://rightsurf.info
  • http://www.rightsurf.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\RightSurf\ajjpgnlpolfpnebjjaciccmmjnmjfjkl.crx".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.BOAS.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.Bromon.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.BroStats.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\plugins\RightSurf.Repmon.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.BOAS.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurf.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurfBA.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurfBAApp.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\RightSurfBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\utilRightSurf.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\RightSurf.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\RightSurf.ico".
  • The file at "<$PROGRAMFILES>\RightSurf\RightSurfBHO.dll".
  • The file at "<$PROGRAMFILES>\RightSurf\RightSurfuninstall.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\updater.exe".
  • The file at "<$PROGRAMFILES>\RightSurf\updateRightSurf.exe".
Make sure you set your file manager to display hidden and system files. If Ad.RightSurf uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\RightSurf\bin\plugins".
  • The directory at "<$PROGRAMFILES>\RightSurf\bin".
  • The directory at "<$PROGRAMFILES>\RightSurf".
Make sure you set your file manager to display hidden and system files. If Ad.RightSurf uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{88be1aa9-6740-461c-9e3e-f35eb8fa741c}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{88be1aa9-6740-461c-9e3e-f35eb8fa741c}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{a4f32137-598e-41b6-b601-9965084c8f08}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{C64BA349-1F34-4BFC-8D23-A317279D0CB9}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "RightSurf" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "RightSurf" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update RightSurf" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update RightSurf" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update RightSurf" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
If Ad.RightSurf uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

UK Snooper’s Charter – Spybot Integrated VPN

Due to the recent privacy concerns arising from the UK’s new Investigatory Powers Act 2016 (nicknamed the Snoopers’ Charter or Snooper’s Charter) and the recent ban of Tor and certain VPNs in Turkey, we are happy to announce we have increased the priority of a task we have been working on: an integrated VPN for Spybot – Search & Destroy.

It has always been a belief of ours that an integrated VPN is an incredibly useful additional tool for protecting the privacy of your data. We have been investigating many VPN solutions to find the best one to be included in our program.

With the introduction of this new bill and the privacy concerns it brings in the UK, we now believe a VPN is a necessity to protect your privacy, and we are working to implement the VPN solution we have found as soon as possible. The introduction of this bill means metadata about your phone calls, text messages, internet browsing histories, voice-call records and social media conversations will be stored by communications providers for at least 12 months and handed over to law enforcement and security services upon request (if you currently reside in the UK).

Regardless of the restrictions that are applied, we will continue our efforts to protect the privacy of our users’ data, and we will try to ensure that our customers can stay a step ahead of anyone who is attempting to monitor or steal their data or communications.

Manual Removal Guide for Ad.ToggleMark

The following instructions have been created to help you to get rid of "Ad.ToggleMark" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.ToggleMark is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
: ttp://togglemark.net/
: ttp://www.togglemark.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{af16abf4-eac1-49b4-93fc-58f6ca799135}.xpi".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.BRT.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\plugins\ToggleMark.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMark.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMarkBA.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMarkBAApp.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\ToggleMarkBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\bin\utilToggleMark.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\ToggleMark.Common.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\ToggleMark.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\ToggleMark.ico".
  • The file at "<$PROGRAMFILES>\ToggleMark\ToggleMarkBHO.dll".
  • The file at "<$PROGRAMFILES>\ToggleMark\ToggleMarkuninstall.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\updater.exe".
  • The file at "<$PROGRAMFILES>\ToggleMark\updateToggleMark.exe".
Make sure you set your file manager to display hidden and system files. If Ad.ToggleMark uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\ToggleMark\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ToggleMark\bin".
  • The directory at "<$PROGRAMFILES>\ToggleMark".
Make sure you set your file manager to display hidden and system files. If Ad.ToggleMark uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{5B79DF26-5A4A-4A88-BFF4-FE188A4F223E}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{C3715F93-4241-49F6-BA85-1D8151B277AF}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{dc59a866-959c-4638-a191-c13177d0bd68}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{dc59a866-959c-4638-a191-c13177d0bd68}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "ToggleMark" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "ToggleMark" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update ToggleMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update ToggleMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update ToggleMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ToggleMark\".
  • Delete the registry value "uidg" at "HKEY_CURRENT_USER\Software\ToggleMark\".
If Ad.ToggleMark uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.GreyGray

The following instructions have been created to help you to get rid of "Ad.GreyGray" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.GreyGray is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
: ttp://greygray.biz
: ttp://www.greygray.biz
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "firefox@greygray.biz.xpi".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.BOAS.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGray.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGrayBA.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGrayBAApp.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\GreyGrayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.BOAS.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.Bromon.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.BroStats.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.BRT.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\plugins\GreyGray.Repmon.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\bin\utilGreyGray.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\GreyGray.Common.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\GreyGray.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\GreyGray.ico".
  • The file at "<$PROGRAMFILES>\GreyGray\GreyGrayBHO.dll".
  • The file at "<$PROGRAMFILES>\GreyGray\GreyGrayuninstall.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\nhogbcndagiknbfomjgdeghehkljalhi.crx".
  • The file at "<$PROGRAMFILES>\GreyGray\updateGreyGray.exe".
  • The file at "<$PROGRAMFILES>\GreyGray\updater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.GreyGray uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\GreyGray\bin\plugins".
  • The directory at "<$PROGRAMFILES>\GreyGray\bin".
  • The directory at "<$PROGRAMFILES>\GreyGray".
Make sure you set your file manager to display hidden and system files. If Ad.GreyGray uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{630BB364-173F-49E6-8510-6E0C86B25593}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{ae60e6ed-49dd-4099-8b5e-386a4908d5d5}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{ae60e6ed-49dd-4099-8b5e-386a4908d5d5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{FE34FA86-9846-47AA-8E21-108C4D3EB7B1}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "GreyGray" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "GreyGray" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update GreyGray" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update GreyGray" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update GreyGray" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\GreyGray\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\GreyGray\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\GreyGray\".
If Ad.GreyGray uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Spybot Anti-Beacon 1.6 now available

Many thanks for all the patience waiting for an update to Spybot Anti-Beacon!

We spent a lot of time working on Spybot 3. And now that Spybot Anti-Beacon will also be integrated into Spybot 3, we found time to continue work. Today’s update to Anti-Beacon 1.6 will add two new immunizers and a few new blocked hosts. More updates are already pending since we’re actively working on this feature again (including a new look, but mostly focused on function of course)!

Spybot Anti-Beacon 1.6 can be downloaded from here.

Updates:

  1. Additional Telemetry Immunization Categories
  2. Additional Blocked Hosts

Fixes:

  1. Immunization of Office 13/16 Telemetry Scheduled Tasks and Options is possible even if Microsoft Office is not installed (previously they appeared to immunize correctly, but the immunization could not be undone in Anti-Beacon)

Don’t forget to always run Spybot Anti-Beacon as an administrator by right-clicking the downloaded installer, and choosing the option to “Run as administrator”. This will ensure that Anti-Beacon has the permissions it needs to function correctly.

Manual Removal Guide for Ad.Loffinam

The following instructions have been created to help you to get rid of "Ad.Loffinam" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.Loffinam is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
: ttp://loffinam.net/
: ttp://www.loffinam.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{d09eec19-10f5-44bd-a92a-cdd3ee45f8a8}.xpi".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.BOAS.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinam.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinamBA.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinamBAApp.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\loffinamBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.BOAS.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.Bromon.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.BroStats.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.BRT.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\plugins\loffinam.Repmon.dll".
  • The file at "<$PROGRAMFILES>\loffinam\bin\utilloffinam.exe".
  • The file at "<$PROGRAMFILES>\loffinam\loffinam.Common.dll".
  • The file at "<$PROGRAMFILES>\loffinam\loffinam.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\loffinam\loffinam.ico".
  • The file at "<$PROGRAMFILES>\loffinam\loffinamBHO.dll".
  • The file at "<$PROGRAMFILES>\loffinam\loffinamuninstall.exe".
  • The file at "<$PROGRAMFILES>\loffinam\updateloffinam.exe".
  • The file at "<$PROGRAMFILES>\loffinam\updater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Loffinam uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\loffinam\bin\plugins".
  • The directory at "<$PROGRAMFILES>\loffinam\bin".
  • The directory at "<$PROGRAMFILES>\loffinam".
Make sure you set your file manager to display hidden and system files. If Ad.Loffinam uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "loffinam" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "loffinam" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update loffinam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update loffinam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update loffinam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\loffinam\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\loffinam\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\loffinam\".
If Ad.Loffinam uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Powp.gen

The following instructions have been created to help you to get rid of "Win32.Powp.gen" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • trojan

Description:
Win32.Powp.gen copies itself into the system and fonts directories and creates a task that runs every hour. It connects to a remote server in the background and changes autorun entries to run its files.
Removal Instructions:

Autorun:

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$FONTS>\3PNXug418.com".
  • The file at "<$SYSDIR>\3PNXug418.com".
Make sure you set your file manager to display hidden and system files. If Win32.Powp.gen uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for P2P.MediaGet

The following instructions have been created to help you to get rid of "P2P.MediaGet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • malware

Description:
P2P.MediaGet is a malicious BitTorrent client that pretends to be the actual file the user wants. It uses a timer within the installer to proceed with installing adware such as the Babylon toolbar without the user's consent.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMS>\MediaGet.lnk".
Make sure you set your file manager to display hidden and system files. If P2P.MediaGet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$LOCALSETTINGS>\Temp\mediaget_torrentinfo".
  • The directory at "<$LOCALSETTINGS>\Temp\mediaget_torrentzip".
Make sure you set your file manager to display hidden and system files. If P2P.MediaGet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "Media Get LLC" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "MediaGet2" at "HKEY_CURRENT_USER\Software\Media Get LLC\".
If P2P.MediaGet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BetterBrowse

The following instructions have been created to help you to get rid of "Ad.BetterBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.BetterBrowse is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
: ttp://betterbrowse.net
: ttp://www.betterbrowse.net
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\BetterBrowse\bajabccdmihihgpddknddbebeiionoeb.crx".
  • The file at "<$PROGRAMFILES>\BetterBrowse\BetterBrowse.Common.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\BetterBrowse.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\BetterBrowse.ico".
  • The file at "<$PROGRAMFILES>\BetterBrowse\BetterBrowseBHO.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\BetterBrowseuninstall.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowse.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowseBA.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowseBAApp.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\BetterBrowseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.BRT.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\plugins\BetterBrowse.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BetterBrowse\bin\utilBetterBrowse.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\updateBetterBrowse.exe".
  • The file at "<$PROGRAMFILES>\BetterBrowse\updater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.BetterBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\bajabccdmihihgpddknddbebeiionoeb\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\bajabccdmihihgpddknddbebeiionoeb".
  • The directory at "<$PROGRAMFILES>\BetterBrowse\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BetterBrowse\bin".
  • The directory at "<$PROGRAMFILES>\BetterBrowse".
Make sure you set your file manager to display hidden and system files. If Ad.BetterBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{849316F2-8DD4-4F01-9CCD-3D579079132A}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{964cfd95-89cb-4ba5-a122-36258ea0662a}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{964cfd95-89cb-4ba5-a122-36258ea0662a}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{CF588F26-5634-4FFF-AC47-C0CACA40617E}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "BetterBrowse" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BetterBrowse" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BetterBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BetterBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BetterBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BetterBrowse\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BetterBrowse\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BetterBrowse\".
If Ad.BetterBrowse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Tips for shopping safely online this Christmas!

In the modern world, it has become ever more common for people to do the bulk of their Christmas shopping online. While this may be very convenient, it may also expose you to the dangers of online shopping, such as identity theft or fraud.

There are a few steps outlined below that you can take to ensure you are minimising this risk for yourself:

  1. Use secure websites (HTTPS)

    Websites that have configured secure communications will have a URL that begins with “https” (or HTTP Secure) rather than “http”. If a website asks you for personal information such as your credit card number or login information, but is not configured to use HTTP Secure, the information you enter may be compromised and stolen by a third party.

  2. Use trustworthy purchase methods

    There are many trustworthy purchase methods such as PayPal and WorldPay, which will improve your chances of securely making your purchases, or getting your money back in the event a problem occurs.

  3. Use trustworthy websites, and check merchant ratings

    Ideally, purchases should be made through a reputable website that has many positive reviews. However, even reputable websites can host untrustworthy merchants who sell their products through the website. It is important to check both the reviews of the website and the available reviews of the seller, to minimise the potential risk.

  4. Use an adblocker

    Adblockers can prevent malicious code from being injected into the pages you visit through ads. This can occur even on reputable websites if they have not properly screened the advertisers that are allowed to put ads on their website, which recently happened to the well-known website Forbes.

  5. Use an antivirus program

    This software should be kept up-to-date, with a regularly scheduled scan configured to run to ensure that any potentially malicious software is quarantined or removed as quickly as possible.

  6. Do not use 3rd party apps on mobile

    Any app that is installed on your phone could potentially have access to personal information you enter into the device, such as your credit card information. To minimise the risk of this, do not install apps that are not from the Google Play store or the Apple App store if you use this device for shopping online.

  7. And, of course, use Spybot

    Spybot can detect and remove many types of malicious programs, and help to keep your devices safe. While none of these options will 100% guarantee that your online shopping experience will go off without a hitch, the more of these rules you follow, the safer your experience is likely to be.

Use Spybot to remove WoT (Web of Trust) and avoid unnecessary plugins

If you are following the news, you might already have heard about the Web of Trust browser plugin story (Spybot will remove it for you). German TV channel NDR has revealed that, although WoT stated that it collects and distributes only pseudonymous data, a lot of easily personally identifiable information was found in a free sample of the data they sell. The investigating journalists claim to have found intimate details even of politicians in the German government. This showcases the dangers of such data in the wild.

What should you do?

As expected, Spybot will remove this toolbar for you asap. Please make sure you get Wednesday's updates!

Now is a good time to check which plugins you’ve got installed. When did you last use them? Uninstall them now if you do not need them!

In general, we recommend that you install only as many browser plugins as are really necessary. Take your time to check their privacy policy. Any sharing of data is a risk that you should avoid, even if it is called anonymous or pseudonymous, as in this case.

But if you did make the wrong choice, Spybot is a great option. It was easy to go wrong here because WoT had some reputation. PUPS (Possibly UnPopular Software) is a loose category that is often on the edge between malicious and just annoying, and is among our main areas of focus. Safer-Networking Ltd. is not backed by investors who might have a separate interest in certain toolbars. Thus we can and will freely decide to flag software as PUPS based on what we think is best for you, our customers.

Manual Removal Guide for Ad.Zammillo

The following instructions have been created to help you to get rid of "Ad.Zammillo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Zammillo is a browser add-on that displays advertisements and sponsored links during an Internet session.

Links (be careful!):

: ttp://zammillo.co/
: ttp://www.zammillo.co/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.BRT.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\plugins\zammillo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\utilzammillo.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammillo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammilloBA.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammilloBAApp.dll".
  • The file at "<$PROGRAMFILES>\zammillo\bin\zammilloBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\zammillo\updater.exe".
  • The file at "<$PROGRAMFILES>\zammillo\updatezammillo.exe".
  • The file at "<$PROGRAMFILES>\zammillo\zammillo.Common.dll".
  • The file at "<$PROGRAMFILES>\zammillo\zammillo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\zammillo\zammillo.ico".
  • The file at "<$PROGRAMFILES>\zammillo\zammilloBHO.dll".
  • The file at "<$PROGRAMFILES>\zammillo\zammillouninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Zammillo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\zammillo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\zammillo\bin".
  • The directory at "<$PROGRAMFILES>\zammillo".

Make sure you set your file manager to display hidden and system files. If Ad.Zammillo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Update zammillo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update zammillo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update zammillo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry key "zammillo.co" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\".
  • Delete the registry key "zammillo" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "zammillo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.Zammillo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Storimbo

The following instructions have been created to help you to get rid of "Ad.Storimbo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Storimbo is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.BRT.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\plugins\storimbo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimbo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimboBA.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimboBAApp.dll".
  • The file at "<$PROGRAMFILES>\storimbo\bin\storimboBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\storimbo\bin\utilstorimbo.exe".
  • The file at "<$PROGRAMFILES>\storimbo\storimbo.Common.dll".
  • The file at "<$PROGRAMFILES>\storimbo\storimbo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\storimbo\storimbo.ico".
  • The file at "<$PROGRAMFILES>\storimbo\storimboBHO.dll".
  • The file at "<$PROGRAMFILES>\storimbo\storimbouninstall.exe".
  • The file at "<$PROGRAMFILES>\storimbo\updater.exe".
  • The file at "<$PROGRAMFILES>\storimbo\updatestorimbo.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Storimbo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\storimbo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\storimbo\bin".
  • The directory at "<$PROGRAMFILES>\storimbo".

Make sure you set your file manager to display hidden and system files. If Ad.Storimbo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "storimbo" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "storimbo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update storimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update storimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update storimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.Storimbo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Illoxum

The following instructions have been created to help you to get rid of "Ad.Illoxum" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Illoxum is a browser add-on that displays advertisements and sponsored links during an Internet session.

Links (be careful!):

: ttp://illoxum.org/
: ttp://www.illoxum.org/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.BOAS.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxum.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxumBA.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxumBAApp.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\illoxumBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.BOAS.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.Bromon.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.BroStats.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.BRT.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\plugins\illoxum.Repmon.dll".
  • The file at "<$PROGRAMFILES>\illoxum\bin\utililloxum.exe".
  • The file at "<$PROGRAMFILES>\illoxum\illoxum.Common.dll".
  • The file at "<$PROGRAMFILES>\illoxum\illoxum.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\illoxum\illoxum.ico".
  • The file at "<$PROGRAMFILES>\illoxum\illoxumBHO.dll".
  • The file at "<$PROGRAMFILES>\illoxum\illoxumuninstall.exe".
  • The file at "<$PROGRAMFILES>\illoxum\updateilloxum.exe".
  • The file at "<$PROGRAMFILES>\illoxum\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Illoxum uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\illoxum\bin\plugins".
  • The directory at "<$PROGRAMFILES>\illoxum\bin".
  • The directory at "<$PROGRAMFILES>\illoxum".

Make sure you set your file manager to display hidden and system files. If Ad.Illoxum uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{03f91398-4119-4a7d-9eee-0e7a9df85c30}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{03f91398-4119-4a7d-9eee-0e7a9df85c30}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{3c8e4d3f-b285-4dce-a2c0-b77deff96386}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3c8e4d3f-b285-4dce-a2c0-b77deff96386}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{421C6930-5E12-4254-AEB8-037D5D13DC79}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{818D1B76-787D-4C54-B117-901B64FE0907}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{A6330D64-2983-443E-8980-8824F0BF25B0}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{FA460C85-B50F-407B-B8F7-1C8E6EB1BC30}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "illoxum.org" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\".
  • Delete the registry key "illoxum" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "illoxum" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\illoxum\".
  • Delete the registry key "Update illoxum" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update illoxum" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update illoxum" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\illoxum\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\illoxum\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\illoxum\".

If Ad.Illoxum uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SunriseBrowse

The following instructions have been created to help you to get rid of "Ad.SunriseBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.SunriseBrowse is a browser add-on that displays advertisements and sponsored links. Related to the Yontoo adware.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.BRT.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins\SunriseBrowse.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowse.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowseBA.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowseBAApp.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\SunriseBrowseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\bin\utilSunriseBrowse.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\SunriseBrowse.Common.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\SunriseBrowse.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\SunriseBrowse.ico".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\SunriseBrowseBHO.dll".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\SunriseBrowseuninstall.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\updater.exe".
  • The file at "<$PROGRAMFILES>\SunriseBrowse\updateSunriseBrowse.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SunriseBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SunriseBrowse\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SunriseBrowse\bin".
  • The directory at "<$PROGRAMFILES>\SunriseBrowse".

Make sure you set your file manager to display hidden and system files. If Ad.SunriseBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "SunriseBrowse" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "SunriseBrowse" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SunriseBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update SunriseBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update SunriseBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "arc" at "HKEY_CURRENT_USER\Software\SunriseBrowse\".
  • Delete the registry value "cn" at "HKEY_CURRENT_USER\Software\SunriseBrowse\".
  • Delete the registry value "crc" at "HKEY_CURRENT_USER\Software\SunriseBrowse\".
  • Delete the registry value "pc" at "HKEY_CURRENT_USER\Software\SunriseBrowse\".
  • Delete the registry value "uidg" at "HKEY_CURRENT_USER\Software\SunriseBrowse\".

If Ad.SunriseBrowse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Papras.ky

The following instructions have been created to help you to get rid of "Win32.Papras.ky" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Papras.ky installs a library file in the Windows and system directory, which is loaded by all executable files in order to spy on the user’s credentials.

Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry value "clicgoff" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls\".
  • Delete the registry value "clicgoff" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls\".
  • Delete the registry value "clicgoff" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\AppCertDlls\".

If Win32.Papras.ky uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.heqj

The following instructions have been created to help you to get rid of "Win32.Agent.heqj" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.heqj installs several executable files and a system file in the system directory.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "inethnfd".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONPROGRAMFILES>\Config\uninstinethnfd.exe".
  • The file at "<$SYSDIR>\drivers\nethfdrv.sys".
  • The file at "<$SYSDIR>\hfnapi.dll".
  • The file at "<$SYSDIR>\hfpapi.dll".
  • The file at "<$SYSDIR>\installd.exe".
  • The file at "<$SYSDIR>\nethtsrv.exe".
  • The file at "<$SYSDIR>\netupdsrv.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.heqj uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.NZellCodec

The following instructions have been created to help you to get rid of "PU.NZellCodec" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.NZellCodec installs several video codecs and connects to Korean adware servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "nzellwatch" and pointing to "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\NZellCodecUpdate.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "NzelCodecPack".
  • Products that have a key or property named "NZellCodecPack".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\nzellcodec_uninstall.exe".
  • The file at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\NZellCodecUpdate.exe".

Make sure you set your file manager to display hidden and system files. If PU.NZellCodec uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\ac3 filter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\corevorbis".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\lameDS".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\mp4 splitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\oggsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\shoutcastsource".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\caption".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\avi2ac3filter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\avisplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\cddareader".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\cdxareader".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\d2vsource".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\diracsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\divx3".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\divx5".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\dscaler".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\dsmmuxer".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\dsmsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\ffdshow\custom matrices".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\ffdshow\languages".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\ffdshow".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\flvsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\hallisplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\matroskamuxer".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\matroskasplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\mms".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\mpegsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\realmediasplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\streamdrivethru".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\subtitlesource".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\vtsreader".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\x264".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\asf2mkv".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \docs".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \locale\hu".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \locale\tr".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \locale".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix ".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\gspot".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\mpc".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack".
  • The directory at "<$PROGRAMFILES>\nzellsoft".

Make sure you set your file manager to display hidden and system files. If PU.NZellCodec uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "NZellCodecPack" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If PU.NZellCodec uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.IEFXZ

The following instructions have been created to help you to get rid of "PU.IEFXZ" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups
  • bho

Description:

PU.IEFXZ installs as a Chinese Browser Helper Object (BHO) for Internet Explorer in the program files directory. It changes search scopes and connects to remote servers.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "IEFXZ".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\IEfxz\iefxz.dll".
  • The file at "<$PROGRAMFILES>\IEfxz\uninst.exe".

Make sure you set your file manager to display hidden and system files. If PU.IEFXZ uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\IEfxz".

Make sure you set your file manager to display hidden and system files. If PU.IEFXZ uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "IEFXZ.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZ.Obj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZHelper.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZHelper.Obj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZTool.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZTool.Obj", plus associated values.
  • Delete the registry key "{61F0024B-8278-4999-B7E6-2718426D9FE6}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\".
  • Delete the registry key "{61F0024B-8278-4999-B7E6-2718426D9FE6}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC1}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC1}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6A49F431-2A2E-41A5-9080-0F41D1A3AEC2}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\".
  • Delete the registry key "{6A49F431-2A2E-41A5-9080-0F41D1A3AEC2}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "IEFXZ" at "HKEY_CURRENT_USER\Software\".

If PU.IEFXZ uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for OutBrowse

The following instructions have been created to help you to get rid of "OutBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

OutBrowse distributes free software with other unwanted programs which are installed optionally with the installer.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\SearchProtectChecker.exe".

Make sure you set your file manager to display hidden and system files. If OutBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\SearchProtect\Logs".
  • The directory at "<$LOCALAPPDATA>\SearchProtect".

Make sure you set your file manager to display hidden and system files. If OutBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.pyma

The following instructions have been created to help you to get rid of "Win32.Agent.pyma" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.pyma is a malicious script compiled with Python2Exe.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "Fierce Store.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.pyma uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{AE568478-B559-192A-3679-ABB2CC5C3FC5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".

If Win32.Agent.pyma uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.QuickSeeker

The following instructions have been created to help you to get rid of "PU.QuickSeeker" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.QuickSeeker is part of the CyclonMedia/Ad.Cyclone framework. This application is often installed unintentionally.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "QuickSeeker20130820".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$SYSDRIVE>\QuickSeeker20130820\bl_home.txt".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\bl_search.txt".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\Connector.exe".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\ie_home.bat".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\Protector.exe".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\RunOnce.cmd".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\TempWmicBatchFile.bat".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\Uninstall.cmd".

Make sure you set your file manager to display hidden and system files. If PU.QuickSeeker uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$SYSDRIVE>\QuickSeeker20130820".

Make sure you set your file manager to display hidden and system files. If PU.QuickSeeker uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.CyclonGems

The following instructions have been created to help you to get rid of "Ad.CyclonGems" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.CyclonGems is an adware framework. Once installed it opens random advertising web sites within the default browser.

Links (be careful!):

: ttp://ww7.cyclon-gems.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\Gems\GemsContextHelper.exe".
  • The file at "<$LOCALSETTINGS>\Temp\Gems\GemsHome.exe".

Make sure you set your file manager to display hidden and system files. If Ad.CyclonGems uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALSETTINGS>\Temp\Gems".

Make sure you set your file manager to display hidden and system files. If Ad.CyclonGems uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.Context2pro

The following instructions have been created to help you to get rid of "PU.Context2pro" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.Context2pro is part of the CyclonMedia/Ad.Cyclone framework. This application is often installed unintentionally.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "7Zipconadvanced" and pointing to "<$LOCALAPPDATA>\Context2pro\conadvanced.exe".
  • Entries named "7Zipcontextfr" and pointing to "<$LOCALAPPDATA>\Context2pro\contextfr.exe".
  • Entries named "7Zipcontextprod" and pointing to "<$LOCALAPPDATA>\Context2pro\contextprod.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\Context2pro\conadvanced.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\Context2pro_Uninstaller.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\contextfr.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\contextnav.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\contextprod.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\libwindoc.exe".

Make sure you set your file manager to display hidden and system files. If PU.Context2pro uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\Context2pro".

Make sure you set your file manager to display hidden and system files. If PU.Context2pro uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "AdServer" at "HKEY_CURRENT_USER\Software\Context2pro\contextprod\".
  • Delete the registry key "Context2pro" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Context2pro" at "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "contextprod" at "HKEY_CURRENT_USER\Software\Context2pro\".
  • Remove "<regexpr>http. " from registry value "KeywordsPath" at "HKEY_CURRENT_USER\Software\Context2pro\contextprod\AdServer\".

If PU.Context2pro uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.Buzzdock

The following instructions have been created to help you to get rid of "PU.Buzzdock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.Buzzdock is a search enhancement extension that shows advertising in search requests. It is part of the Alactro LLC and Yontoo adware framework.

Privacy Statement:

http://www.buzzdock.com/privacy_2.0

Links (be careful!):

: ttp://www.buzzdock.com/
: ttps://chrome.google.com/webstore/detail/buzzdock/ejaodgecffaefnnoggjpogblnlpejkma

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONPROGRAMS>\Buzzdock\Buzzdock Support Site.lnk".
  • The file at "<$COMMONPROGRAMS>\Buzzdock\Buzzdock.lnk".
  • The file at "<$COMMONPROGRAMS>\Buzzdock\Uninstall.lnk".
  • The file at "<$PROGRAMFILES>\Buzzdock\Buzzdock Support.url".
  • The file at "<$PROGRAMFILES>\Buzzdock\Buzzdock.ico".
  • The file at "<$PROGRAMFILES>\Buzzdock\Buzzdock.url".
  • The file at "<$PROGRAMFILES>\Buzzdock\BuzzdockIEClient.dll".
  • The file at "<$PROGRAMFILES>\Buzzdock\Uninstall.url".

Make sure you set your file manager to display hidden and system files. If PU.Buzzdock uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONPROGRAMS>\Buzzdock".
  • The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\ejaodgecffaefnnoggjpogblnlpejkma\2.1.5_0".
  • The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\ejaodgecffaefnnoggjpogblnlpejkma".
  • The directory at "<$PROGRAMFILES>\Buzzdock".

Make sure you set your file manager to display hidden and system files. If PU.Buzzdock uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Api.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Api", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Layers.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Layers", plus associated values.
  • Delete the registry key "{220EB34E-DC2B-4B04-AD40-A1C7C31731F2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "{435D09AA-DDE4-4B40-9129-08F025ECA349}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{435D09AA-DDE4-4B40-9129-08F025ECA349}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{4A3DEECA-A579-44BC-BCF3-167F4B9E8E4C}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{83C58580-EC6E-48CD-9521-B95874483BEB}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{BE3A76AC-F071-4C7F-9B7A-D974B4F52DCA}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{C8C107B2-28C2-472D-9BD4-6A25776841D1}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "BuzzdockIEClient.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "ejaodgecffaefnnoggjpogblnlpejkma" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".

If PU.Buzzdock uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Yabector

The following instructions have been created to help you to get rid of "Ad.Yabector" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.Yabector installs executable files in the program files directory and places links to eBay on the user's desktop and quick launch area.

Removal Instructions:

Desktop:

Please remove the following files from your desktop.
To check where they are pointing to, right-click them and choose "Properties" from the context menu that appears.

  • Shortcuts named "eBay Startseite.lnk" and pointing to "<$PROGRAMFILES>\ClearProg\eBay\eBayShortcuts.exe".

Quicklaunch area:

Please remove the following items from your quick launch area next to the "Start" button in the taskbar at the bottom.
To check where they are pointing to, right-click them and choose "Properties" from the context menu that appears.

  • Quicklaunch symbols named "eBay Startseite.lnk" and pointing to "<$PROGRAMFILES>\ClearProg\eBay\eBayShortcuts.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$APPDATA>\AD ON Multimedia\eBay Shortcuts\config.ini".
  • The file at "<$PROGRAMFILES>\ClearProg\eBay\eBayShortcuts.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Yabector uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\AD ON Multimedia\eBay Shortcuts".
  • The directory at "<$APPDATA>\AD ON Multimedia".
  • The directory at "<$PROGRAMFILES>\ClearProg\eBay".

Make sure you set your file manager to display hidden and system files. If Ad.Yabector uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.fkap

The following instructions have been created to help you to get rid of "Win32.Agent.fkap" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.Agent.fkap installs a Browser Helper Object (BHO) "favoclickBHO" in Internet Explorer without user consent.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "favoclick" and pointing to "<$PROGRAMFILES>\favoclick\favoclickup.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "favoclick uninstall".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\favoclick\domainrefer.ini".
  • The file at "<$PROGRAMFILES>\favoclick\favoclick.dll".
  • The file at "<$PROGRAMFILES>\favoclick\favoclickup.exe".
  • The file at "<$PROGRAMFILES>\favoclick\keycode.ini".
  • The file at "<$PROGRAMFILES>\favoclick\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.fkap uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\favoclick".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.fkap uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "favoclick.favoclickBho.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "favoclick.favoclickBho", plus associated values.
  • Delete the registry key "{249323EB-4152-4ED9-800B-C699E67F6568}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{6A0C33CA-4C02-4BF6-A96E-37336BD1CE44}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6A0C33CA-4C02-4BF6-A96E-37336BD1CE44}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{8C5607BF-C2F8-4511-912D-8763C1D8CF48}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{B626D345-31AE-4156-933F-10F076FD96ED}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "favoc" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "favoclick.DLL" at "HKEY_CLASSES_ROOT\AppID\".

If Win32.Agent.fkap uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for ShoppingSidekick

The following instructions have been created to help you to get rid of "ShoppingSidekick" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

ShoppingSidekick installs a multitude of adware during the installation process of other software. Even if the installation process is canceled, adware is dropped.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Shopping Sidekick Plugin".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\ButtonUtil.dll".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.ico".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.ini".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick PluginInstaller.log".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If ShoppingSidekick uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\Shopping Sidekick Plugin\Chrome".
  • The directory at "<$LOCALAPPDATA>\Shopping Sidekick Plugin".
  • The directory at "<$PROGRAMFILES>\Shopping Sidekick Plugin".

Make sure you set your file manager to display hidden and system files. If ShoppingSidekick uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Shopping Sidekick Plugin" at "HKEY_CURRENT_USER\Software\".

If ShoppingSidekick uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.OtherSearch

The following instructions have been created to help you to get rid of "PU.OtherSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.OtherSearch might be installed inadvertently by PowerPack setup files. Among other things, this software installs the adware zdengine.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\OtherSearch\uninstall.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine.dll".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine.tlb".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine64.dll".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdenginecert.dll".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdinstaller.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdwfp.sys".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdwfp64.sys".
  • The file at "<$PROGRAMFILES>\OtherSearch\ziengine.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\ziengine.ini".
  • The file at "<$PROGRAMFILES>\OtherSearch\ziengine64.exe".

Make sure you set your file manager to display hidden and system files. If PU.OtherSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\OtherSearch".

Make sure you set your file manager to display hidden and system files. If PU.OtherSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Components" at "HKEY_LOCAL_MACHINE\SOFTWARE\OtherSearch\".
  • Delete the registry key "OtherSearch" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "OtherSearch" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "uid" at "HKEY_LOCAL_MACHINE\SOFTWARE\OtherSearch\".

If PU.OtherSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.3721Assist

The following instructions have been created to help you to get rid of "PU.3721Assist" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups
  • bho

Description:

PU.3721Assist installs browser add-ons as well as files and folders into the program files subfolder "3721". It displays advertisements and monitors search requests.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\3721\assist\adfilter.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\assisres.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\assist.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\eheflash.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\optimum.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\repair.dll".
  • The file at "<$PROGRAMFILES>\3721\autolive.dll".
  • The file at "<$PROGRAMFILES>\3721\Helper.dll".

Make sure you set your file manager to display hidden and system files. If PU.3721Assist uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\3721\3721\assist".
  • The directory at "<$PROGRAMFILES>\3721\3721".
  • The directory at "<$PROGRAMFILES>\3721\assist".
  • The directory at "<$PROGRAMFILES>\3721".

Make sure you set your file manager to display hidden and system files. If PU.3721Assist uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "Assist.EasyAssist.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "Assist.EasyAssist", plus associated values.
  • Delete the registry key "{19069804-2CF0-4357-B696-BA6E9AAD99EF}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{1B0E7716-898E-48CC-9690-4E338E8DE1D3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{924F5B3A-7A27-484A-B873-E855C9708667}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "3721" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "3721" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry value "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\".
  • Delete the registry value "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".

If PU.3721Assist uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Zdengine

The following instructions have been created to help you to get rid of "Ad.Zdengine" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.Zdengine might be installed inadvertently by PowerPack setup files. This product claims to protect web browsers. It installs a service file.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\zdengine.log".
  • The file at "<$LOCALSETTINGS>\Temp\ziengine.ini.log".
  • The file at "<$SYSDIR>\zdengine.dll".
  • The file at "<$SYSDIR>\zdengine.ini".
  • The file at "<$SYSDIR>\zdengineOff.ini".
  • The file at "<$WINDIR>\Temp\zdengine.log".

Make sure you set your file manager to display hidden and system files. If Ad.Zdengine uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{176F706B-5175-479C-A3DF-32420F6FB01A}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{25B1494D-230A-42CF-BBF6-EC73868D13DC}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{38BE2BE8-EB8E-41D1-9D94-3B1697094D47}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{53C267B2-B01D-410F-A4DD-A32962EE55F4}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{63492C58-6CD7-4FF7-8495-06A6869643EE}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{8804A543-42D3-4D71-9685-B0243D5526F3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{A0F322D5-6A13-4CAB-84CF-FABB5690618E}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{AC3E336C-B524-47F0-9AA2-5F67AA056086}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{F577A1BA-D82D-4BB2-8430-B767285D081D}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "zdengine.EXE" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.Zdengine uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WSeven

The following instructions have been created to help you to get rid of "Ad.WSeven" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.WSeven is a variant of the Eorezo adware.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "win_en_77" and pointing to "<$PROGRAMFILES>\win_en_77\win_en_77.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\win_en_77\win_en_77\2.00\cnf.cyl".
  • The file at "<$LOCALAPPDATA>\win_en_77\win_en_77\2.00\eorezo.cyl".
  • The file at "<$PROGRAMFILES>\win_en_77\unins000.dat".
  • The file at "<$PROGRAMFILES>\win_en_77\win_en_77.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WSeven uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\win_en_77\win_en_77".
  • The directory at "<$LOCALAPPDATA>\win_en_77".
  • The directory at "<$PROGRAMFILES>\win_en_77".

Make sure you set your file manager to display hidden and system files. If Ad.WSeven uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "win_en_77_is1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "win_en_77" at "HKEY_LOCAL_MACHINE\SOFTWARE\WIN\".

If Ad.WSeven uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SmarterPower

The following instructions have been created to help you to get rid of "Ad.SmarterPower" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SmarterPower is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPowerBA.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPowerBAApp.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\utilSmarterPower.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPower.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPower.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPower.ico".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPowerbho.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPoweruninstall.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\updater.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\updateSmarterPower.exe".
  • The file at "<$SYSDIR>\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}gw64.sys".

Make sure you set your file manager to display hidden and system files. If Ad.SmarterPower uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SmarterPower\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SmarterPower\bin".
  • The directory at "<$PROGRAMFILES>\SmarterPower".

Make sure you set your file manager to display hidden and system files. If Ad.SmarterPower uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{98D9C91C-10F5-4B34-BD72-AE981CAA6F54}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{bd7c9b62-a7d9-4405-be51-7fd633f08791}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{bd7c9b62-a7d9-4405-be51-7fd633f08791}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{BE7650B2-5936-4EE6-B4F2-AE385DB13A90}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "SmarterPower" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "SmarterPower" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SmarterPower" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update SmarterPower" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update SmarterPower" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.SmarterPower uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.EasyHotspot

The following instructions have been created to help you to get rid of "PU.EasyHotspot" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.EasyHotspot might be installed inadvertently by PowerPack setup files. This software installs, among other things, Wizzcaster files with obfuscated version information.

Links (be careful!):

: ttp://asiasoftwaretools.com/
: ttp://easyhotspot.asiasoftwaretools.com/Privacy.html

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "Caster" and pointing to "<$PROGRAMFILES>\EasyHotspot\wizzcaster.exe".
  • Entries named "EasyHotspot" and pointing to "<$PROGRAMFILES>\EasyHotspot\EasyHotspot.exe".
  • Entries named "IDSCPRODUCT" and pointing to "<$PROGRAMFILES>\EasyHotspot\idscservice.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\EasyHotspot.lnk".
  • The file at "<$PROGRAMFILES>\EasyHotspot\config.conf".
  • The file at "<$PROGRAMFILES>\EasyHotspot\EasyHotspot.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\idscservice.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\unins000.dat".
  • The file at "<$PROGRAMFILES>\EasyHotspot\unins000.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\uninstaller.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\UninstallerCaster.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\wizzcaster.exe".

Make sure you set your file manager to display hidden and system files. If PU.EasyHotspot uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\EasyHotspot".

Make sure you set your file manager to display hidden and system files. If PU.EasyHotspot uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "EasyHotspot_is1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "idsc" at "HKEY_CURRENT_USER\Software\Microsoft\".
  • Delete the registry key "Wizzcaster" at "HKEY_CURRENT_USER\Software\Wizzlabs\".
  • Delete the registry key "Wizzlabs" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry value "product" at "HKEY_CURRENT_USER\Software\Microsoft\idsc\".

If PU.EasyHotspot uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.DonkeyCodec

The following instructions have been created to help you to get rid of "PU.DonkeyCodec" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.DonkeyCodec is a Korean codec installer for video decoding. It creates a folder in the program files folder and runs on system startup.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "donkeycodec" and pointing to "?<$PROGRAMFILES>\donkeycodec\donkeycodecupdatecheck.exe*".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "uninst_donkeycd".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\donkeycodec\donkeycodecupdatecheck.exe".
  • The file at "<$PROGRAMFILES>\donkeycodec\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PU.DonkeyCodec uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\subtitle\VSFilter".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\subtitle".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video\avisplitter".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video\Divx".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video\Xvid".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec".
  • The directory at "<$PROGRAMFILES>\donkeycodec".

Make sure you set your file manager to display hidden and system files. If PU.DonkeyCodec uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "donkeycodec" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If PU.DonkeyCodec uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for KeyloggerLite

The following instructions have been created to help you to get rid of "KeyloggerLite" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • keylogger

Description:

KeyloggerLite records all keystrokes made during the session. It is invisible to all users except the one who installed the program. The logged keystrokes can be stored in a previously created directory and are therefore not easy to find. Those log files can be sent to a specified email address. There is an option to generate an autorun entry so that the program starts any time the computer is started. It comes as an evaluation copy for seven days; after this period users have to purchase a license.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Keylogger Lite".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Keylogger Lite.lnk".
  • The file at "<$PROGRAMFILES>\Keylogger Lite\KLite.exe".
  • The file at "<$PROGRAMFILES>\Keylogger Lite\kls.dll".
  • The file at "<$PROGRAMFILES>\Keylogger Lite\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If KeyloggerLite uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Keylogger Lite".
  • The directory at "<$PROGRAMS>\Keylogger Lite".

Make sure you set your file manager to display hidden and system files. If KeyloggerLite uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.HighliteApp

The following instructions have been created to help you to get rid of "Ad.HighliteApp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.HighliteApp is adware that creates a program files directory and starts a system service.

Links (be careful!):

: ttp://ww2.highliteapp.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\HighliteApp\hlapp.dll".
  • The file at "<$PROGRAMFILES>\HighliteApp\hlupdate.exe".
  • The file at "<$PROGRAMFILES>\HighliteApp\icon.ico".
  • The file at "<$PROGRAMFILES>\HighliteApp\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.HighliteApp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\HighliteApp".

Make sure you set your file manager to display hidden and system files. If Ad.HighliteApp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.HighliteApp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.lhu

The following instructions have been created to help you to get rid of "Win32.Agent.lhu" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.lhu creates files and folders in the program files directory.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "VnrPack" and pointing to "<$PROGRAMFILES>\VnrPack\VnrPack??.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\VnrPack\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.lhu uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\VnrPack".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.lhu uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "VnrPack" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "VnrPack" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".

If Win32.Agent.lhu uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.iQiyi

The following instructions have been created to help you to get rid of "PU.iQiyi" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.iQiyi is a media player application of Chinese origin that contains the ‘Baidu.Hao123’ adware application. PU.iQiyi is often installed without any user consent. This signature detects the adware component.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\iQiyi\hao123.exe".

Make sure you set your file manager to display hidden and system files. If PU.iQiyi uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0180E49C-13BF-46DB-9AFD-9F52292E1C22}" at "HKEY_CLASSES_ROOT\CLSID\".

If PU.iQiyi uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for AdvancedTracksCleaner

The following instructions have been created to help you to get rid of "AdvancedTracksCleaner" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

AdvancedTracksCleaner cleans tracks of several programs. It comes as an evaluation copy for seven days; after this period users have to purchase a license.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Advanced Tracks Cleaner".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Advanced Tracks Cleaner.lnk".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Advanced Tracks Cleaner.chm".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Advanced Tracks Cleaner.exe".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Uninstall.exe".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Visit the Official Advanced Tracks Cleaner Website.url".

Make sure you set your file manager to display hidden and system files. If AdvancedTracksCleaner uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Data".
  • The directory at "<$PROGRAMFILES>\Advanced Tracks Cleaner".
  • The directory at "<$PROGRAMS>\Advanced Tracks Cleaner".

Make sure you set your file manager to display hidden and system files. If AdvancedTracksCleaner uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Kozaka

The following instructions have been created to help you to get rid of "Ad.Kozaka" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Kozaka is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://kozaka.net/Privacy

Links (be careful!):

: ttp://kozaka.net
: ttp://www.kozaka.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{ce2cc6b9-0133-4405-9775-8944501dc17c}.xpi".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\KozakaBA.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\KozakaBAApp.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\KozakaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BRT.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\utilKozaka.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozaka.Common.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozaka.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozaka.ico".
  • The file at "<$PROGRAMFILES>\Kozaka\KozakaBHO.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozakauninstall.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\mciekghplkkgcmofonmkmlomhkamochd.crx".
  • The file at "<$PROGRAMFILES>\Kozaka\updateKozaka.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Kozaka uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Kozaka\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Kozaka\bin".
  • The directory at "<$PROGRAMFILES>\Kozaka".

Make sure you set your file manager to display hidden and system files. If Ad.Kozaka uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{7357A44B-D09F-40DA-9B0B-639C741A471D}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{a45e3fa8-5048-4372-94ad-c6661671f7fc}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{C5C68B66-D3BF-4EF2-9AAD-8C15B10039FF}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "Kozaka" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Kozaka" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Kozaka" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Kozaka" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Kozaka" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Kozaka\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Kozaka\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Kozaka\".

If Ad.Kozaka uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.dqec

The following instructions have been created to help you to get rid of "Win32.Agent.dqec" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • downloader

Description:

Win32.Agent.dqec installs other files and creates an autorun entry "eystouchs". It connects to remote servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "eystouchs" and pointing to "<$PROGRAMFILES>\eystouchs\eystouchs.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\eystouchs\eystouchs.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.dqec uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\eystouchs".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.dqec uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "eystouchs" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If Win32.Agent.dqec uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.FocusBase

The following instructions have been created to help you to get rid of "Ad.FocusBase" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.FocusBase is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BOAS.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbaseBA.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbaseBAApp.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbaseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BOAS.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.Bromon.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BroStats.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BRT.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.Repmon.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\utilfocusbase.exe".
  • The file at "<$PROGRAMFILES>\focusbase\focusbase.Common.dll".
  • The file at "<$PROGRAMFILES>\focusbase\focusbase.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\focusbase\focusbase.ico".
  • The file at "<$PROGRAMFILES>\focusbase\focusbaseBHO.dll".
  • The file at "<$PROGRAMFILES>\focusbase\focusbaseuninstall.exe".
  • The file at "<$PROGRAMFILES>\focusbase\updatefocusbase.exe".
  • The file at "<$PROGRAMFILES>\focusbase\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.FocusBase uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALSETTINGS>\Temp\focusbase".
  • The directory at "<$PROGRAMFILES>\focusbase\bin\plugins".
  • The directory at "<$PROGRAMFILES>\focusbase\bin".
  • The directory at "<$PROGRAMFILES>\focusbase".

Make sure you set your file manager to display hidden and system files. If Ad.FocusBase uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "focusbase" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "focusbase" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update focusbase" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update focusbase" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update focusbase" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.FocusBase uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.EnhanceTronic

The following instructions have been created to help you to get rid of "Ad.EnhanceTronic" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.EnhanceTronic is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BOAS.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronicBA.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronicBAApp.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronicBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BOAS.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.Bromon.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BroStats.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BRT.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.Repmon.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\utilEnhanceTronic.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronic.Common.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronic.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronic.ico".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronicBHO.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronicuninstall.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\updateEnhanceTronic.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.EnhanceTronic uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins".
  • The directory at "<$PROGRAMFILES>\EnhanceTronic\bin".
  • The directory at "<$PROGRAMFILES>\EnhanceTronic".

Make sure you set your file manager to display hidden and system files. If Ad.EnhanceTronic uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0D9F11B5-1DC9-4F4A-9E4F-585A8A3F2108}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{EFC954FA-C553-4A4E-AF48-C5CAC214D76D}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{f530d5e8-9d18-4cba-b7cc-95944f9ebe3d}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f530d5e8-9d18-4cba-b7cc-95944f9ebe3d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "EnhanceTronic" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "EnhanceTronic" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update EnhanceTronic" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update EnhanceTronic" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update EnhanceTronic" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.EnhanceTronic uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.IESuper

The following instructions have been created to help you to get rid of "Ad.IESuper" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.IESuper installs a Browser Helper Object (BHO) called IESuper and changes the Internet Explorer startpage to www.d91.com.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "IESuper".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\IESuper\ies_uni.exe".
  • The file at "<$PROGRAMFILES>\IESuper\iesuper.dll".

Make sure you set your file manager to display hidden and system files. If Ad.IESuper uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\IESuper".

Make sure you set your file manager to display hidden and system files. If Ad.IESuper uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "IESuper.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IESuper.Obj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IESuperHelper.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IESuperHelper.Obj", plus associated values.
  • Delete the registry key "{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "IESuper" at "HKEY_CURRENT_USER\Software\".

If Ad.IESuper uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "www.d91.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Fralimbo

The following instructions have been created to help you to get rid of "Ad.Fralimbo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Fralimbo is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://fralimbo.net/Privacy

Links (be careful!):

: ttp://fralimbo.net
: ttp://www.fralimbo.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{19831108-de35-4c98-b883-7bb790bfc59c}.xpi".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\FralimboBA.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\FralimboBAApp.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\FralimboBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BRT.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\utilFralimbo.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbo.Common.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbo.ico".
  • The file at "<$PROGRAMFILES>\Fralimbo\FralimboBHO.7z".
  • The file at "<$PROGRAMFILES>\Fralimbo\FralimboBHO.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\FralimboFR.7z".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbouninstall.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\olmdfmecacbhbdgealggamhlglfmjbpa.crx".
  • The file at "<$PROGRAMFILES>\Fralimbo\updateFralimbo.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Fralimbo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Fralimbo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Fralimbo\bin".
  • The directory at "<$PROGRAMFILES>\Fralimbo".

Make sure you set your file manager to display hidden and system files. If Ad.Fralimbo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1323DFD6-9FA2-4703-B5F5-D12060B96091}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{5dbf8f55-71ed-4e0e-8e34-7a5ef1183176}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5dbf8f55-71ed-4e0e-8e34-7a5ef1183176}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{D3DEA360-C8E3-410C-A7B8-C72CDB38B406}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "Fralimbo" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Fralimbo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Fralimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Fralimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Fralimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Fralimbo\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Fralimbo\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Fralimbo\".

If Ad.Fralimbo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.DiVapton

The following instructions have been created to help you to get rid of "Ad.DiVapton" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.DiVapton is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://divapton.biz/Privacy

Links (be careful!):

: ttp://divapton.biz
: ttp://www.divapton.biz

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\DiVapton_sm.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BOAS.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVaptonBA.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVaptonBAApp.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVaptonBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BOAS.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.Bromon.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BroStats.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BRT.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.Repmon.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\utilDiVapton.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\cmfpfjjciophcbhnhnpbadhmdmfgceic.crx".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVapton.Common.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVapton.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVapton.ico".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVaptonBHO.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVaptonuninstall.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\updateDiVapton.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.DiVapton uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\cmfpfjjciophcbhnhnpbadhmdmfgceic\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\cmfpfjjciophcbhnhnpbadhmdmfgceic".
  • The directory at "<$PROGRAMFILES>\DiVapton\bin\plugins".
  • The directory at "<$PROGRAMFILES>\DiVapton\bin".
  • The directory at "<$PROGRAMFILES>\DiVapton".

Make sure you set your file manager to display hidden and system files. If Ad.DiVapton uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{3bf42771-1b8a-4910-b3dc-eb330e40020a}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3bf42771-1b8a-4910-b3dc-eb330e40020a}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{B072746D-AA37-4B49-AFC1-E26138B6C312}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{E184607D-362B-4814-86BC-095EC2A9404D}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "DiVapton" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "DiVapton" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update DiVapton" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update DiVapton" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update DiVapton" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\DiVapton\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\DiVapton\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\DiVapton\".

If Ad.DiVapton uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Fix for recent Spybot update error (updated 19th Sept 2016)

Some users have reported that they are unable to download the most recent updates for Spybot. Instructions to fix this issue can be found below.

A list of more common updating issues can be found here.

Download and install our new updater:

Our technicians have created a new Updater Installer file that will stop the existing Update Service and replace it with a new one.

You can download it from here, or using the link below:

https://download.spybot.info/Spybot2/special-purpose-test-versions/sd2-4022-updater-error-2005/spybotsd2-updater-update-trac4022-v3.exe

If this does not work for you then please try downloading the new updater from here:

https://download.spybot.info/Spybot2/special-purpose-test-versions/sd2-4022-updater-error-2005/spybotsd2-updater-update-trac4022-attempt1.exe

Please run the installer by right-clicking the file and choosing the option to “Run as administrator”.

Once you have run the installer, it should close automatically.

A new window should then open displaying the “AV Update Issue Tester Tool”.

You can then try to update Spybot again.

  • Open Spybot by right-clicking the Spybot icon and clicking “Run as Administrator”.
  • Tick the checkbox next to “Advanced User Mode”, if this is unticked.
  • Click on “Update”.
  • In the update window that appears, click “Update” to install the latest updates.

We apologise for the inconvenience, and we thank you for your patience in resolving this issue.

If you are still experiencing issues with updates, please take a screenshot of this window and attach it to an email to our support team.

See the following links for more information on how to take a screenshot:

http://www.take-a-screenshot.org
http://windows.microsoft.com/en-ie/windows/use-snipping-tool-capture-screen-shots#1TC=windows-8

This will allow us to better understand the issue that is causing the update failure, which will enable us to come up with a permanent solution if the initial fix does not solve the issue.

Manual Removal Guide for Win32.BHO.ctvh

The following instructions have been created to help you to get rid of "Win32.BHO.ctvh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.BHO.ctvh installs a Browser Helper Object (BHO) and connects to Korean servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "ieshowguide" and pointing to "<$PROGRAMFILES>\ieshowguide\*.exe".
  • Entries named "linkpop" and pointing to "<$PROGRAMFILES>\linkpop\*.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "ieshowguide uninstall".
  • Products that have a key or property named "linkpop uninstall".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\ieshowguide\ieshowguide.dll".
  • The file at "<$PROGRAMFILES>\ieshowguide\ieshowguideup.exe".
  • The file at "<$PROGRAMFILES>\ieshowguide\uninstall.exe".
  • The file at "<$PROGRAMFILES>\linkpop\linkpop.dll".
  • The file at "<$PROGRAMFILES>\linkpop\linkpop_update.exe".
  • The file at "<$PROGRAMFILES>\linkpop\linkpopDlg.exe".
  • The file at "<$PROGRAMFILES>\linkpop\MouseHook.dll".
  • The file at "<$PROGRAMFILES>\linkpop\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.ctvh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\ieshowguide".
  • The directory at "<$PROGRAMFILES>\linkpop".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.ctvh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "ieshowguide.ieshowguideObj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ieshowguide.ieshowguideObj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "linkpop.linkpopBHO.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "linkpop.linkpopBHO", plus associated values.
  • Delete the registry key "{0253CAF5-18CE-47D3-8980-A093DFFD3E32}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{063B5977-0BF0-425D-B8A5-124B96A71667}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{063B5977-0BF0-425D-B8A5-124B96A71667}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{57D653C4-7BC3-4F23-AA2E-350B7E168291}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{721A027C-67F3-4C79-B693-20209D5C79D4}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{7B3E25EF-0144-4CB4-AE9E-39D92239E71D}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{7D6D0E86-66B2-45CA-B1D1-04E2514ED8F7}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{7D6D0E86-66B2-45CA-B1D1-04E2514ED8F7}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A2F87012-07BB-434A-BF58-F0DA260EABF8}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{D1A31BA4-D701-4A5B-997B-D7F786B98541}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{D1A31BA4-D701-4A5B-997B-D7F786B98541}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "ieshowguide.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "linkpop.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "linkpop" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If Win32.BHO.ctvh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PersonalPCSpy

The following instructions have been created to help you to get rid of "PersonalPCSpy" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • keylogger

Description:

This application records all keystrokes made during the session. It is invisible to all users except the one who installed the program. The logged keystrokes can be stored in a previously created directory and are therefore not easy to find. The log files can be sent to a specified email address. There is an option to create an autorun entry so that the program starts whenever the computer is started.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Personal PC Spy".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Personal PC Spy.lnk".
  • The file at "<$PROGRAMFILES>\C4EF7\LICENSE.TXT".
  • The file at "<$PROGRAMFILES>\C4EF7\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PersonalPCSpy uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\C4EF7".
  • The directory at "<$PROGRAMS>\Personal PC Spy".

Make sure you set your file manager to display hidden and system files. If PersonalPCSpy uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Kad.barocn

The following instructions have been created to help you to get rid of "Kad.barocn" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware

Description:

Kad.barocn installs the Korean ‘barocn’ adware application.

Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "appcon" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "dailycon" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "nctrolsec" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "padaily" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "pendon" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "updatime" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "wepbob" at "HKEY_CURRENT_USER\Software\".

If Kad.barocn uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebLayers

The following instructions have been created to help you to get rid of "Ad.WebLayers" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.WebLayers is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://weblayers.co/Privacy
Links (be careful!):
: ttp://weblayers.co
: ttp://www.weblayers.co
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BRT.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\utilWebLayers.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayersBA.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayersBAApp.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayersBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\GCClient.crx".
  • The file at "<$PROGRAMFILES>\Web Layers\ghdomkkcnldpmfcefiaaahchgoinofkb.crx".
  • The file at "<$PROGRAMFILES>\Web Layers\opc.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\updater.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\updateWebLayers.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayers.Common.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayers.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayers.ico".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersBHO.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersOPC.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersozr.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.WebLayers uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb".
  • The directory at "<$PROGRAMFILES>\Web Layers\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Web Layers\bin".
  • The directory at "<$PROGRAMFILES>\Web Layers".
Make sure you set your file manager to display hidden and system files. If Ad.WebLayers uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{392E0193-4BB3-4F94-9ACA-414B7803E687}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{976d7863-9e6c-4066-8c67-0993db9de35f}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{976d7863-9e6c-4066-8c67-0993db9de35f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A3F7FF24-4FDE-43AA-989E-554404B37313}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "Update Web Layers" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Web Layers" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Web Layers" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry key "Web Layers" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Web Layers" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
If Ad.WebLayers uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.BHO.cxpt

The following instructions have been created to help you to get rid of "Win32.BHO.cxpt" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.BHO.cxpt installs a Browser Helper Object (BHO) called NetSolutionObj and connects to Korean servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "netsolution" and pointing to "<$PROGRAMFILES>\netsolution\netsolutionup.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "netsolution uninstall".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\netsolution\netsolution.dll".
  • The file at "<$PROGRAMFILES>\netsolution\netsolutionup.exe".
  • The file at "<$PROGRAMFILES>\netsolution\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.cxpt uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\netsolution".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.cxpt uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "NetSolution.NetSolutionObj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "NetSolution.NetSolutionObj", plus associated values.
  • Delete the registry key "{5BCF99F6-DB8D-42ED-9D2B-C65E95B21625}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5BCF99F6-DB8D-42ED-9D2B-C65E95B21625}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{B8D31E96-0612-4621-9FB4-3692A0418475}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{C85AA9A8-2ADB-4914-8CC4-F8495C41540F}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{C9A3004C-54D7-409C-A5FC-22619592BF6C}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "NetSolution.DLL" at "HKEY_CLASSES_ROOT\AppID\".

If Win32.BHO.cxpt uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.Pccapplus

The following instructions have been created to help you to get rid of "PU.Pccapplus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • pups

Description:

PU.Pccapplus creates a directory in the Program Files folder and an autorun entry "pccap" to run on system startup. It connects to Korean servers.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "pccap" and pointing to "<$PROGRAMFILES>\Pccapplus\Pccap.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Pccapplus\Pccap.exe".
  • The file at "<$PROGRAMFILES>\Pccapplus\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PU.Pccapplus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Pccapplus".

Make sure you set your file manager to display hidden and system files. If PU.Pccapplus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "pccap uninstall" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If PU.Pccapplus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RankRomp

The following instructions have been created to help you to get rid of "Ad.RankRomp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RankRomp is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BOAS.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.Bromon.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BroStats.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BRT.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.Repmon.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BOAS.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankrompBA.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankrompBAApp.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankrompBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\utilrankromp.exe".
  • The file at "<$PROGRAMFILES>\rankromp\rankromp.Common.dll".
  • The file at "<$PROGRAMFILES>\rankromp\rankromp.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\rankromp\rankromp.ico".
  • The file at "<$PROGRAMFILES>\rankromp\rankrompBHO.dll".
  • The file at "<$PROGRAMFILES>\rankromp\rankrompuninstall.exe".
  • The file at "<$PROGRAMFILES>\rankromp\updater.exe".
  • The file at "<$PROGRAMFILES>\rankromp\updaterankromp.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RankRomp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\rankromp\bin\plugins".
  • The directory at "<$PROGRAMFILES>\rankromp\bin".
  • The directory at "<$PROGRAMFILES>\rankromp".

Make sure you set your file manager to display hidden and system files. If Ad.RankRomp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "rankromp" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "rankromp" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update rankromp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update rankromp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update rankromp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.RankRomp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RambleRoam

The following instructions have been created to help you to get rid of "Ad.RambleRoam" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RambleRoam is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BOAS.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.Bromon.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BroStats.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BRT.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.Repmon.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BOAS.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoamBA.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoamBAApp.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoamBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\utilRambleRoam.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoam.Common.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoam.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoam.ico".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoamBHO.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoamuninstall.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\updater.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\updateRambleRoam.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RambleRoam uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\RambleRoam\bin\plugins".
  • The directory at "<$PROGRAMFILES>\RambleRoam\bin".
  • The directory at "<$PROGRAMFILES>\RambleRoam".

Make sure you set your file manager to display hidden and system files. If Ad.RambleRoam uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "RambleRoam" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "RambleRoam" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update RambleRoam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update RambleRoam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update RambleRoam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.RambleRoam uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.FakeAV

The following instructions have been created to help you to get rid of "Win32.FakeAV" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • malware

Description:

Win32.FakeAV claims to be an antimalware tool. Once installed on the computer, it finds a lot of harmless entries in order to frighten the user into buying a license to get the issues fixed.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\isecurity.exe".
  • The file at "<$COMMONDESKTOP>\Internet Security.lnk".

Make sure you set your file manager to display hidden and system files. If Win32.FakeAV uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.NetTock

The following instructions have been created to help you to get rid of "Ad.NetTock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.NetTock is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.nettock.com/Privacy

Links (be careful!):

: ttp://nettock.com/
: ttp://www.nettock.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{0bd9bacb-0a2d-4412-900e-b2473afd87b4}.xpi".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BOAS.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTockBA.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTockBAApp.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTockBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BOAS.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.Bromon.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BroStats.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BRT.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.Repmon.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\utilNetTock.exe".
  • The file at "<$PROGRAMFILES>\NetTock\NetTock.Common.dll".
  • The file at "<$PROGRAMFILES>\NetTock\NetTock.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\NetTock\NetTock.ico".
  • The file at "<$PROGRAMFILES>\NetTock\NetTockBHO.dll".
  • The file at "<$PROGRAMFILES>\NetTock\NetTockun.exe".
  • The file at "<$PROGRAMFILES>\NetTock\NetTockuninstall.exe".
  • The file at "<$PROGRAMFILES>\NetTock\updateNetTock.exe".
  • The file at "<$PROGRAMFILES>\NetTock\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.NetTock uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\NetTock\bin\plugins".
  • The directory at "<$PROGRAMFILES>\NetTock\bin".
  • The directory at "<$PROGRAMFILES>\NetTock".

Make sure you set your file manager to display hidden and system files. If Ad.NetTock uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0909C19E-BD9D-44C1-AAC5-72884EAF0AD3}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{3cfaf932-a9cb-4e59-99a0-fe04e9df9328}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3cfaf932-a9cb-4e59-99a0-fe04e9df9328}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{BB54C027-0FB6-42DA-97F1-52CE16826ACB}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "NetTock" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "NetTock" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update NetTock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update NetTock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update NetTock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\NetTock\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\NetTock\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\NetTock\".

If Ad.NetTock uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Lamilov

The following instructions have been created to help you to get rid of "Ad.Lamilov" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Lamilov is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://lamilov.info/Privacy

Links (be careful!):

: ttp://lamilov.info
: ttp://www.lamilov.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{b69c858d-e83a-4e53-8894-037cf1ba2c41}.xpi".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BOAS.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilovBA.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilovBAApp.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilovBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BOAS.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.Bromon.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BroStats.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BRT.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.Repmon.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\utillamilov.exe".
  • The file at "<$PROGRAMFILES>\lamilov\lamilov.Common.dll".
  • The file at "<$PROGRAMFILES>\lamilov\lamilov.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\lamilov\lamilov.ico".
  • The file at "<$PROGRAMFILES>\lamilov\lamilovBHO.dll".
  • The file at "<$PROGRAMFILES>\lamilov\lamilovuninstall.exe".
  • The file at "<$PROGRAMFILES>\lamilov\ldgjcacgdjjknibkhhhnkoamogikbjan.crx".
  • The file at "<$PROGRAMFILES>\lamilov\updatelamilov.exe".
  • The file at "<$PROGRAMFILES>\lamilov\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Lamilov uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ldgjcacgdjjknibkhhhnkoamogikbjan\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ldgjcacgdjjknibkhhhnkoamogikbjan".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\ldgjcacgdjjknibkhhhnkoamogikbjan".
  • The directory at "<$PROGRAMFILES>\lamilov\bin\plugins".
  • The directory at "<$PROGRAMFILES>\lamilov\bin".
  • The directory at "<$PROGRAMFILES>\lamilov".

Make sure you set your file manager to display hidden and system files. If Ad.Lamilov uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{379ba324-2d91-4616-8f29-482ab76be407}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{379ba324-2d91-4616-8f29-482ab76be407}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{BD0FECD1-5A09-4426-B78A-412AAE15DE15}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{DA322702-4D2A-4286-B90F-0F235ED4DBD2}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "lamilov" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "lamilov" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update lamilov" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update lamilov" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update lamilov" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\lamilov\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\lamilov\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\lamilov\".

If Ad.Lamilov uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.StartPage

The following instructions have been created to help you to get rid of "Win32.StartPage" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • malware

Description:

Win32.StartPage drops a file to the Appdata folder and creates an autorun entry for it. Once run, it changes registry settings and the start pages of Internet Explorer and Mozilla Firefox.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "index.reg".

Make sure you set your file manager to display hidden and system files. If Win32.StartPage uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Remove "http://www.uzzf.com/?p" from registry value "Start Page" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\".
  • Remove "http://www.xueshangwang.com/?ie" from registry value "Start Page" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\".

If Win32.StartPage uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "http://www.uzzf.com".
  • Please check your bookmarks for links to "http://www.xueshangwang.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SolteraTop

The following instructions have been created to help you to get rid of "Ad.SolteraTop" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SolteraTop is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://solteratop.info/Download

Links (be careful!):

: ttp://solteratop.info
: ttp://www.solteratop.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{49148009-4e93-47dc-bbfb-b74de0a7fd19}.xpi".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BOAS.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.Bromon.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BroStats.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BRT.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.Repmon.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BOAS.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratopBA.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratopBAApp.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratopBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\utilsolteratop.exe".
  • The file at "<$PROGRAMFILES>\solteratop\jlmgdgegcicamjncelohnaebbmkaccel.crx".
  • The file at "<$PROGRAMFILES>\solteratop\solteratop.Common.dll".
  • The file at "<$PROGRAMFILES>\solteratop\solteratop.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\solteratop\solteratop.ico".
  • The file at "<$PROGRAMFILES>\solteratop\solteratopBHO.dll".
  • The file at "<$PROGRAMFILES>\solteratop\solteratopuninstall.exe".
  • The file at "<$PROGRAMFILES>\solteratop\updater.exe".
  • The file at "<$PROGRAMFILES>\solteratop\updatesolteratop.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SolteraTop uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jlmgdgegcicamjncelohnaebbmkaccel\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jlmgdgegcicamjncelohnaebbmkaccel".
  • The directory at "<$PROGRAMFILES>\solteratop\bin\plugins".
  • The directory at "<$PROGRAMFILES>\solteratop\bin".
  • The directory at "<$PROGRAMFILES>\solteratop".

Make sure you set your file manager to display hidden and system files. If Ad.SolteraTop uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{35A3F0CD-C16E-491C-84C2-F5B1D86C429B}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{5aad43b7-8f9d-4d7b-a01e-c9c24ab250ae}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5aad43b7-8f9d-4d7b-a01e-c9c24ab250ae}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{70250009-1A09-4333-8764-4F81F3124057}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "solteratop" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "solteratop" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update solteratop" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update solteratop" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update solteratop" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\solteratop\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\solteratop\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\solteratop\".

If Ad.SolteraTop uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RockTurner

The following instructions have been created to help you to get rid of "Ad.RockTurner" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RockTurner is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BRT.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurnerBA.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurnerBAApp.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurnerBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\utilRockTurner.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurner.Common.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurner.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurner.ico".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurnerBHO.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurneruninstall.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\updater.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\updateRockTurner.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RockTurner uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Rock Turner\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Rock Turner\bin".
  • The directory at "<$PROGRAMFILES>\RockTurner".

Make sure you set your file manager to display hidden and system files. If Ad.RockTurner uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "RockTurner" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "RockTurner" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update RockTurner" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update RockTurner" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update RockTurner" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.RockTurner uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BatBrowse

The following instructions have been created to help you to get rid of "Ad.BatBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BatBrowse is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://batbrowse.com/Privacy

Links (be careful!):

: ttp://batbrowse.com
: ttp://www.batbrowse.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@batbrowse.com.xpi".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowse.Common.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowse.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowse.ico".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowseBHO.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowseuninstall.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowseBA.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowseBAApp.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BRT.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\utilBatBrowse.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\ccncljhbalbbkkfgopogabimepmfkmff.crx".
  • The file at "<$PROGRAMFILES>\BatBrowse\updateBatBrowse.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BatBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ccncljhbalbbkkfgopogabimepmfkmff".
  • The directory at "<$PROGRAMFILES>\BatBrowse\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BatBrowse\bin".
  • The directory at "<$PROGRAMFILES>\BatBrowse".

Make sure you set your file manager to display hidden and system files. If Ad.BatBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{76c598c9-f0f8-494f-a507-ae041f69a58c}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{76c598c9-f0f8-494f-a507-ae041f69a58c}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A9FA5AF2-AB24-482F-94E7-59BBAADCB878}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{DA81E6DC-0C3A-48C4-B9CD-9BB68753C95F}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "BatBrowse" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BatBrowse" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BatBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BatBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BatBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BatBrowse\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BatBrowse\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BatBrowse\".

If Ad.BatBrowse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SwizzleBiz

The following instructions have been created to help you to get rid of "Ad.SwizzleBiz" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SwizzleBiz is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://swizzlebiz.biz/Privacy

Links (be careful!):

: ttp://swizzlebiz.biz/
: ttp://www.swizzlebiz.biz/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{49e51043-d75a-40d9-8746-5be1e5685c73}.xpi".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BRT.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBizBA.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBizBAApp.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBizBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\utilSwizzleBiz.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBiz.Common.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBiz.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBiz.ico".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBizBHO.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBizuninstall.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\updater.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\updateSwizzleBiz.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SwizzleBiz uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SwizzleBiz\bin".
  • The directory at "<$PROGRAMFILES>\SwizzleBiz".

Make sure you set your file manager to display hidden and system files. If Ad.SwizzleBiz uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{17EE4DB7-FB6D-4F57-92E9-D741ECC2C887}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{3398193f-64ac-4438-a9f9-b0aff74b90a8}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3398193f-64ac-4438-a9f9-b0aff74b90a8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{89ACE2A5-E818-4A9E-9863-711C977FC4BC}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "SwizzleBiz" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "SwizzleBiz" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SwizzleBiz" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update SwizzleBiz" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update SwizzleBiz" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\SwizzleBiz\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\SwizzleBiz\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\SwizzleBiz\".

If Ad.SwizzleBiz uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Strictor

The following instructions have been created to help you to get rid of "Ad.Strictor" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware

Description:

Ad.Strictor offers adware bundled installers that drop adware and possibly unwanted programs during execution.

Removal Instructions:

Autorun:

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\photo.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Strictor uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "9e16c401f72f35f8d08e45d698def37c" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry value "<$LOCALSETTINGS>\Temp\photo.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
  • Delete the registry value "<$LOCALSETTINGS>\Temp\photo.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
  • Delete the registry value "<$LOCALSETTINGS>\Temp\photo.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".

If Ad.Strictor uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.LookingLink

The following instructions have been created to help you to get rid of "Ad.LookingLink" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.LookingLink is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://lookinglink.info/Privacy

Links (be careful!):

: ttp://lookinglink.info
: ttp://www.lookinglink.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{7f6d153f-9819-4c98-96fb-5c6aa213f0ea}.xpi".
  • The file at "<$PROGRAMFILES>\lookinglink\alakbkblgilodacnlnmcoiofdjakliih.crx".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BOAS.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglinkBA.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglinkBAApp.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglinkBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BOAS.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.Bromon.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BroStats.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BRT.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.Repmon.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\utillookinglink.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\XTLS.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglink.Common.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglink.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglink.ico".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglinkBHO.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglinkuninstall.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\updatelookinglink.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.LookingLink uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\alakbkblgilodacnlnmcoiofdjakliih\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\alakbkblgilodacnlnmcoiofdjakliih".
  • The directory at "<$PROGRAMFILES>\lookinglink\bin\plugins".
  • The directory at "<$PROGRAMFILES>\lookinglink\bin".
  • The directory at "<$PROGRAMFILES>\lookinglink".

Make sure you set your file manager to display hidden and system files. If Ad.LookingLink uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{17513F18-4EB9-49B5-881C-465A2688C87F}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{EB317E41-9AA7-487A-8060-B81657E8D68A}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "lookinglink" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "lookinglink" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update lookinglink" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update lookinglink" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update lookinglink" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\lookinglink\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\lookinglink\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\lookinglink\".

If Ad.LookingLink uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.GameClubLauncher

The following instructions have been created to help you to get rid of "PU.GameClubLauncher" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • pups

Description:

PU.GameClubLauncher creates files within a program files folder and several links on the user's desktop.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Gameclub Philippines.url".
  • The file at "<$DESKTOP>\Mini Gameclub.url".
  • The file at "<$DESKTOP>\Texas Jackpot Poker.url".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Gameclub.ico".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Global.cki".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\MiniGameclub.ico".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Reviser.exe".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Script.mgs".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Starter.cfg".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Starter.exe".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\TexasJackpotPoker.ico".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\uninst.exe".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\VersionInfo.dat".

Make sure you set your file manager to display hidden and system files. If PU.GameClubLauncher uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0000".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0001".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0002".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0004".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher".

Make sure you set your file manager to display hidden and system files. If PU.GameClubLauncher uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{BBD9FAD7-F782-4548-B00F-E612322950F6}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "MYGAME" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If PU.GameClubLauncher uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ZDigHouse

The following instructions have been created to help you to get rid of "Ad.ZDigHouse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ZDigHouse installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\lnfjoafpdkcphoedkmhbpodcgbndkmpc\lnfjoafpdkcphoedkmhbpodcgbndkmpc.crx".

Make sure you set your file manager to display hidden and system files. If Ad.ZDigHouse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONAPPDATA>\lnfjoafpdkcphoedkmhbpodcgbndkmpc".
  • The directory at "<$COMMONAPPDATA>\Z Digital House".
  • The directory at "<$PROGRAMFILES>\Z Digital House".

Make sure you set your file manager to display hidden and system files. If Ad.ZDigHouse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{7B353DF3-83BB-AFDA-B10E-1018B627E55D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{F47E71D6-CDCF-8EA6-D676-E7935EE70D47}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{F47E71D6-CDCF-8EA6-D676-E7935EE70D47}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "House" at "HKEY_CLASSES_ROOT".
  • Delete the registry key "lnfjoafpdkcphoedkmhbpodcgbndkmpc" at "HKEY_LOCAL_MACHINE\SOFTWARE\Comodo\Dragon\Extensions\".
  • Delete the registry key "lnfjoafpdkcphoedkmhbpodcgbndkmpc" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome SxS\Extensions\".
  • Delete the registry key "lnfjoafpdkcphoedkmhbpodcgbndkmpc" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".

If Ad.ZDigHouse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.MegaSearch

The following instructions have been created to help you to get rid of "Ad.MegaSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.MegaSearch installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\ihhkipdhppgphaaknehadkmaahfmohko\ihhkipdhppgphaaknehadkmaahfmohko.crx".

Make sure you set your file manager to display hidden and system files. If Ad.MegaSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ihhkipdhppgphaaknehadkmaahfmohko".
  • The directory at "<$COMMONAPPDATA>\BeeMP3".
  • The directory at "<$COMMONAPPDATA>\ihhkipdhppgphaaknehadkmaahfmohko".
  • The directory at "<$PROGRAMFILES>\BeeMP3".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\browser\extensions\529f7867fc6e4@529f7867fc6e5.com".

Make sure you set your file manager to display hidden and system files. If Ad.MegaSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "BeeMP3.BeeMP3.4.0", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BeeMP3.BeeMP3", plus associated values.
  • Delete the registry key "{8A13C970-2955-3ED9-349D-44A476B07E51}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{8A13C970-2955-3ED9-349D-44A476B07E51}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{97D51208-27E3-4EC3-2611-BA4EB63219A1}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Comodo\Dragon\Extensions\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome SxS\Extensions\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Torch\Extensions\".

If Ad.MegaSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Swizzor.st

The following instructions have been created to help you to get rid of "Win32.Swizzor.st" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • trojan

Description:

Swizzor variant. Copies the Trojan file ‘mswinexe.exe’ into the system directory and redirects shell and userinit variables to it. This Swizzor variant operates with redirecting JS files.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$SYSDIR>\mswinexe.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Swizzor.st uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "DEADBOOBSUPPORT" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "seek one blue" at "HKEY_CURRENT_USER\Software\DEADBOOBSUPPORT\".
  • Delete the registry value "messcash" at "HKEY_CURRENT_USER\Software\DEADBOOBSUPPORT\".
  • Delete the registry value "WindowsExplorer" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\".
  • Remove "<regexpr> .<$SYSDIR>\\mswinexe\.exe." from registry value "Shell" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".
  • Remove "<regexpr>.<$SYSDIR>\\mswinexe\.exe.\," from registry value "Userinit" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".

If Win32.Swizzor.st uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.KeepSurf

The following instructions have been created to help you to get rid of "Ad.KeepSurf" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.KeepSurf installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONAPPDATA>\Surf! Ande kEep".
  • The directory at "<$PROGRAMFILES>\Surf! Ande kEep".

Make sure you set your file manager to display hidden and system files. If Ad.KeepSurf uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "keEp.Surf", plus associated values.
  • Delete the registry key "{98A32620-11A0-4221-2448-8257D88E0FDD}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{98A32620-11A0-4221-2448-8257D88E0FDD}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.KeepSurf uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Karatoh

The following instructions have been created to help you to get rid of "Ad.Karatoh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Karatoh is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.karatoh.com/Download

Links (be careful!):

: ttp://www.karatoh.com
: ttp://www.karatoh.com/Uninstall

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BOAS.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatohBA.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatohBAApp.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatohBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BOAS.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.Bromon.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BroStats.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BRT.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.Repmon.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\utilkaratoh.exe".
  • The file at "<$PROGRAMFILES>\karatoh\karatoh.Common.dll".
  • The file at "<$PROGRAMFILES>\karatoh\karatoh.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\karatoh\karatoh.ico".
  • The file at "<$PROGRAMFILES>\karatoh\karatohBHO.dll".
  • The file at "<$PROGRAMFILES>\karatoh\karatohuninstall.exe".
  • The file at "<$PROGRAMFILES>\karatoh\updatekaratoh.exe".
  • The file at "<$PROGRAMFILES>\karatoh\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Karatoh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\karatoh\bin\plugins".
  • The directory at "<$PROGRAMFILES>\karatoh\bin".
  • The directory at "<$PROGRAMFILES>\karatoh".

Make sure you set your file manager to display hidden and system files. If Ad.Karatoh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "karatoh" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "karatoh" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update karatoh" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update karatoh" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update karatoh" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.Karatoh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.JumpFlip

The following instructions have been created to help you to get rid of "Ad.JumpFlip" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.JumpFlip is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://jumpflip.net/Privacy

Links (be careful!):

: ttp://jumpflip.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlipBA.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlipBAApp.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlipBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BRT.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\utilJumpFlip.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlip.Common.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlip.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlip.ico".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlipBHO.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlipuninstall.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\updateJumpFlip.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.JumpFlip uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\hphehadppenpmajgnkjdcopcfijjegaf\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\hphehadppenpmajgnkjdcopcfijjegaf".
  • The directory at "<$PROGRAMFILES>\Jump Flip\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Jump Flip\bin".
  • The directory at "<$PROGRAMFILES>\Jump Flip".

Make sure you set your file manager to display hidden and system files. If Ad.JumpFlip uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{08A93781-1BA0-4B59-87F6-2C80C8956E03}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{4318395F-DFF1-48AF-B5F0-958E93D16D56}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{50A084CA-17CF-48B8-9BCD-6D5CA2C3B60E}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{76BF10AB-CEAD-456F-9218-5F46B1683DB1}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{b630c560-975d-41a3-9a95-cbc23ad991e4}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{b630c560-975d-41a3-9a95-cbc23ad991e4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{F325945D-DAFE-4312-95D8-1913AEB1D810}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "JumpFlip" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "JumpFlip" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update JumpFlip" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update JumpFlip" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update JumpFlip" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.JumpFlip uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.CrankWeb

The following instructions have been created to help you to get rid of "Ad.CrankWeb" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.CrankWeb claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://crankweb.com/Privacy

Links (be careful!):

: ttp://crankweb.com/
: ttp://www.crankweb.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BOAS.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWebBA.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWebBAApp.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWebBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BOAS.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.Bromon.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BroStats.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BRT.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.Repmon.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\utilCrankWeb.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWeb.Common.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWeb.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWeb.ico".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWebBHO.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWebuninstall.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\gcmogoancjjkccghamldiebenbnhgdhd.crx".
  • The file at "<$PROGRAMFILES>\CrankWeb\updateCrankWeb.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.CrankWeb uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\gcmogoancjjkccghamldiebenbnhgdhd\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\gcmogoancjjkccghamldiebenbnhgdhd".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\gcmogoancjjkccghamldiebenbnhgdhd".
  • The directory at "<$PROGRAMFILES>\CrankWeb\bin\plugins".
  • The directory at "<$PROGRAMFILES>\CrankWeb\bin".
  • The directory at "<$PROGRAMFILES>\CrankWeb".

Make sure you set your file manager to display hidden and system files. If Ad.CrankWeb uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{3b366aa1-f886-4aff-87a4-9e317d0d4dfd}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3b366aa1-f886-4aff-87a4-9e317d0d4dfd}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{B7D1C730-435F-4DDC-B927-FDAB205FCAF2}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{C7A5892E-9070-4247-AB7C-BC2A593358F7}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "crankweb.com" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\".
  • Delete the registry key "CrankWeb" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "CrankWeb" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\CrankWeb\".
  • Delete the registry key "Update CrankWeb" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update CrankWeb" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update CrankWeb" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\CrankWeb\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\CrankWeb\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\CrankWeb\".

If Ad.CrankWeb uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Kraddare

The following instructions have been created to help you to get rid of "Win32.Kraddare" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Win32.Kraddare installs unwanted adware clients.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "signkey" and pointing to "<$LOCALAPPDATA>\signkey\signkey.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\signkey\iesignkey.exe".
  • The file at "<$LOCALAPPDATA>\signkey\signkey.exe".
  • The file at "<$LOCALAPPDATA>\signkey\skun.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Kraddare uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\signkey".

Make sure you set your file manager to display hidden and system files. If Win32.Kraddare uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "signkey" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "signkey" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Remove "<regexpr>[A-Za-z ] " from registry value "Partner" at "HKEY_CURRENT_USER\Software\signkey\".

If Win32.Kraddare uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.rmh

The following instructions have been created to help you to get rid of "Win32.Agent.rmh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.rmh connects to remote servers in the background.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\WithMoa\except.ini".
  • The file at "<$PROGRAMFILES>\WithMoa\IUtil.ini".
  • The file at "<$PROGRAMFILES>\WithMoa\uninstall.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\widlib.dll".
  • The file at "<$PROGRAMFILES>\WithMoa\widmoa.dll".
  • The file at "<$PROGRAMFILES>\WithMoa\widservice.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\withmoa.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\withmoaun.exe".
  • The file at "<$WINDIR>\SYSTEM32\withmoaAX.ocx".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.rmh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\WithMoa".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.rmh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "anyfund" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "anyfund" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry value "change" at "HKEY_CURRENT_USER\Software\anyfund\".
  • Delete the registry value "today" at "HKEY_LOCAL_MACHINE\SOFTWARE\anyfund\".

If Win32.Agent.rmh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BuzzSearch

The following instructions have been created to help you to get rid of "Ad.BuzzSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BuzzSearch claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.mybuzzsearch.com/Privacy

Links (be careful!):

: ttp://mybuzzsearch.com
: ttp://www.mybuzzsearch.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBA.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBAApp.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BRT.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\utilBuzzSearch.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.Common.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.ico".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearchBHO.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearchuninstall.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx".
  • The file at "<$PROGRAMFILES>\BuzzSearch\updateBuzzSearch.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BuzzSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm".
  • The directory at "<$PROGRAMFILES>\BuzzSearch\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BuzzSearch\bin".
  • The directory at "<$PROGRAMFILES>\BuzzSearch".

Make sure you set your file manager to display hidden and system files. If Ad.BuzzSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{396ECD31-EDF7-489F-BDA1-83DBA4C36E81}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{5cf5a690-c8f4-488e-9d20-f21aef602d41}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5cf5a690-c8f4-488e-9d20-f21aef602d41}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{D0EC4142-5808-41D2-A4DC-6081CF1A9693}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "BuzzSearch" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BuzzSearch" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BuzzSearch\".

If Ad.BuzzSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BrowseBeyond

The following instructions have been created to help you to get rid of "Ad.BrowseBeyond" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BrowseBeyond is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://browsebeyond.net/Privacy

Links (be careful!):

: ttp://browsebeyond.net
: ttp://www.browsebeyond.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\BrowsebeyondBA.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\BrowsebeyondBAApp.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\BrowsebeyondBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BRT.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\utilBrowsebeyond.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyond.Common.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyond.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyond.ico".
  • The file at "<$PROGRAMFILES>\Browsebeyond\BrowsebeyondBHO.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyonduninstall.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\jldbooabopmhfgjpnlaobgfdlkmpbdna.crx".
  • The file at "<$PROGRAMFILES>\Browsebeyond\updateBrowsebeyond.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BrowseBeyond uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jldbooabopmhfgjpnlaobgfdlkmpbdna\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jldbooabopmhfgjpnlaobgfdlkmpbdna".
  • The directory at "<$PROGRAMFILES>\Browsebeyond\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Browsebeyond\bin".
  • The directory at "<$PROGRAMFILES>\Browsebeyond".

Make sure you set your file manager to display hidden and system files. If Ad.BrowseBeyond uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{39A85641-67C3-40B7-AE1F-F3D034B167A9}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{81E4892A-7E59-408C-AD31-A913E05AB8A3}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{f04a89fa-d7e3-4fbd-9569-502b4cad4347}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f04a89fa-d7e3-4fbd-9569-502b4cad4347}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "Browsebeyond" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Browsebeyond" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Browsebeyond" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Browsebeyond" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Browsebeyond" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Browsebeyond\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Browsebeyond\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Browsebeyond\".

If Ad.BrowseBeyond uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.YiqilaiLyrics

The following instructions have been created to help you to get rid of "Ad.YiqilaiLyrics" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.YiqilaiLyrics is Chinese adware that infiltrates Mediaplayer and Internet Explorer.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "YiqilaiLyrics".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Yiqilai\foobar\foo_vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\lib\YQL_Lyrics_Common.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\realplayer\real_vis_yqllyrics.rpv".
  • The file at "<$PROGRAMFILES>\Yiqilai\Temp\foo_vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\Temp\gen_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\Temp\vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\tools\YiqilaiLyrics.exe".
  • The file at "<$PROGRAMFILES>\Yiqilai\winamp\gen_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\winamp\vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\wmp\YiqilaiLyrics.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010789.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010790.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010791.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010792.dll".

Make sure you set your file manager to display hidden and system files. If Ad.YiqilaiLyrics uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Yiqilai\foobar".
  • The directory at "<$PROGRAMFILES>\Yiqilai\html".
  • The directory at "<$PROGRAMFILES>\Yiqilai\lib".
  • The directory at "<$PROGRAMFILES>\Yiqilai\realplayer".
  • The directory at "<$PROGRAMFILES>\Yiqilai\Temp".
  • The directory at "<$PROGRAMFILES>\Yiqilai\tools".
  • The directory at "<$PROGRAMFILES>\Yiqilai\winamp".
  • The directory at "<$PROGRAMFILES>\Yiqilai\wmp".
  • The directory at "<$PROGRAMFILES>\Yiqilai".

Make sure you set your file manager to display hidden and system files. If Ad.YiqilaiLyrics uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\".
  • Delete the registry key "Yiqilai" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "YiqilaiLyrics" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\".
  • Remove "YiqilaiLyrics" from registry value "CurrentEffectType" at "HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\".

If Ad.YiqilaiLyrics uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Yawtix

The following instructions have been created to help you to get rid of "Ad.Yawtix" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Yawtix claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://yawtix.com/Privacy

Links (be careful!):

: ttp://yawtix.com/
: ttp://www.yawtix.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BRT.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\utilYawtix.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\YawtixBA.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\YawtixBAApp.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\YawtixBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\updater.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\updateYawtix.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtix.Common.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtix.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtix.ico".
  • The file at "<$PROGRAMFILES>\Yawtix\YawtixBHO.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtixuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Yawtix uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Yawtix\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Yawtix\bin".
  • The directory at "<$PROGRAMFILES>\Yawtix".

Make sure you set your file manager to display hidden and system files. If Ad.Yawtix uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Update Yawtix" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Yawtix" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Yawtix" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry key "Yawtix" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Yawtix" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.Yawtix uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.AdvanceMark

The following instructions have been created to help you to get rid of "Ad.AdvanceMark" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.AdvanceMark claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://advancemark.info/Privacy

Links (be careful!):

: ttp://advancemark.info
: ttp://www.advancemark.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{495e04b0-3772-475e-a8a2-48beea71d07d}.xpi".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMark.Common.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMark.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMark.ico".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMarkBHO.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMarkuninstall.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BOAS.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMarkBA.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMarkBAApp.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMarkBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BOAS.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.Bromon.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BroStats.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BRT.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.Repmon.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\utilAdvanceMark.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\dfnjhlanpjogndmmekddbolopgckekpl.crx".
  • The file at "<$PROGRAMFILES>\AdvanceMark\ljgnombefpobmoclimknbkmilgbanpic.crx".
  • The file at "<$PROGRAMFILES>\AdvanceMark\updateAdvanceMark.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.AdvanceMark uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\AdvanceMark\bin\plugins".
  • The directory at "<$PROGRAMFILES>\AdvanceMark\bin".
  • The directory at "<$PROGRAMFILES>\AdvanceMark".

Make sure you set your file manager to display hidden and system files. If Ad.AdvanceMark uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{45B3E633-A501-4653-B6E6-06D5EF56385C}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{C51F9ABF-47E3-4598-AE64-936AC952C7ED}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{f4bd9fab-17a2-4273-8120-bc88631fc74f}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f4bd9fab-17a2-4273-8120-bc88631fc74f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "AdvanceMark" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "AdvanceMark" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\AdvanceMark\".
  • Delete the registry key "Update AdvanceMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update AdvanceMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update AdvanceMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\AdvanceMark\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\AdvanceMark\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\AdvanceMark\".

If Ad.AdvanceMark uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Adanak

The following instructions have been created to help you to get rid of "Ad.Adanak" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Adanak claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.adanak.net/Privacy

Links (be careful!):

: ttp://adanak.net
: ttp://www.adanak.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{52fcec3b-6175-49f8-bc7d-127a0e656055}.xpi".
  • The file at "<$PROGRAMFILES>\Adanak\Adanak.Common.dll".
  • The file at "<$PROGRAMFILES>\Adanak\Adanak.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Adanak\Adanak.ico".
  • The file at "<$PROGRAMFILES>\Adanak\AdanakBHO.dll".
  • The file at "<$PROGRAMFILES>\Adanak\Adanakuninstall.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\AdanakBA.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\AdanakBAApp.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\AdanakBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BRT.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\utilAdanak.exe".
  • The file at "<$PROGRAMFILES>\Adanak\updateAdanak.exe".
  • The file at "<$PROGRAMFILES>\Adanak\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Adanak uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Adanak\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Adanak\bin".
  • The directory at "<$PROGRAMFILES>\Adanak".

Make sure you set your file manager to display hidden and system files. If Ad.Adanak uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "adanak.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\".
  • Delete the registry key "Adanak" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Adanak" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "Update Adanak" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Adanak" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Adanak" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\Adanak\".

If Ad.Adanak uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebSparkle

The following instructions have been created to help you to get rid of "Ad.WebSparkle" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.WebSparkle claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://websparkle.biz/Privacy

Links (be careful!):

: ttp://websparkle.biz
: ttp://www.websparkle.biz

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@websparkle.biz.xpi".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BOAS.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.Bromon.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BroStats.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BRT.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.Repmon.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\utilWebSparkle.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BOAS.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkleBA.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkleBAApp.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkleBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx".
  • The file at "<$PROGRAMFILES>\WebSparkle\updater.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\updateWebSparkle.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkle.Common.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkle.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkle.ico".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkleBHO.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkleuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WebSparkle uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg".
  • The directory at "<$PROGRAMFILES>\WebSparkle\bin\plugins".
  • The directory at "<$PROGRAMFILES>\WebSparkle\bin".
  • The directory at "<$PROGRAMFILES>\WebSparkle".

Make sure you set your file manager to display hidden and system files. If Ad.WebSparkle uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6832C453-2F06-4A9F-9080-5DDECF242856}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{6935FA3E-0771-4B2F-A668-8C9CC50A7C90}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{9f56bab3-2739-40ed-a8d0-1451657a9742}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{9f56bab3-2739-40ed-a8d0-1451657a9742}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "WebSparkle" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "WebSparkle" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\WebSparkle".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\WebSparkle".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\WebSparkle".

If Ad.WebSparkle uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SerialTrunc

The following instructions have been created to help you to get rid of "Ad.SerialTrunc" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SerialTrunc claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.serialtrunc.com/Privacy

Links (be careful!):

: ttp://serialtrunc.com
: ttp://www.serialtrunc.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{47351c22-0d6c-4658-a617-795d251145e2}.xpi".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BRT.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTruncBA.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTruncBAApp.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTruncBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\utilSerialTrunc.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\okbdcdmpkkncigegdkhhhamjblgjbfja.crx".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTrunc.Common.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTrunc.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTrunc.ico".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTruncBHO.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTruncUninstall.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\updater.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\updateSerialTrunc.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SerialTrunc uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\okbdcdmpkkncigegdkhhhamjblgjbfja\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\okbdcdmpkkncigegdkhhhamjblgjbfja".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\okbdcdmpkkncigegdkhhhamjblgjbfja".
  • The directory at "<$PROGRAMFILES>\SerialTrunc\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SerialTrunc\bin".
  • The directory at "<$PROGRAMFILES>\SerialTrunc".

Make sure you set your file manager to display hidden and system files. If Ad.SerialTrunc uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{033A4BE2-42B1-4ACB-A69F-D362922136F0}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{3D1E2CA3-890D-4528-B816-2216F0E16E27}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{6BA82436-C754-4B49-B6AD-075AFA9FC625}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{8F3B5A2D-2D9B-454E-9EE5-20CE1532E9CD}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{e93a89a5-325d-4ef5-809d-819f657f498e}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e93a89a5-325d-4ef5-809d-819f657f498e}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\SerialTrunc".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\SerialTrunc".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\SerialTrunc".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\SerialTrunc".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\SerialTrunc".
  • Delete the registry key "SerialTrunc" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "SerialTrunc" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "SerialTrunc" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.SerialTrunc uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BlindBat

The following instructions have been created to help you to get rid of "Ad.BlindBat" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BlindBat claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BOAS.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbatBA.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbatBAApp.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbatBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BOAS.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.Bromon.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BroStats.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BRT.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.Repmon.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\utilblindbat.exe".
  • The file at "<$PROGRAMFILES>\blindbat\blindbat.Common.dll".
  • The file at "<$PROGRAMFILES>\blindbat\blindbat.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\blindbat\blindbat.ico".
  • The file at "<$PROGRAMFILES>\blindbat\blindbatBHO.dll".
  • The file at "<$PROGRAMFILES>\blindbat\blindbatuninstall.exe".
  • The file at "<$PROGRAMFILES>\blindbat\updateblindbat.exe".
  • The file at "<$PROGRAMFILES>\blindbat\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BlindBat uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\blindbat\bin\plugins".
  • The directory at "<$PROGRAMFILES>\blindbat\bin".
  • The directory at "<$PROGRAMFILES>\blindbat".

Make sure you set your file manager to display hidden and system files. If Ad.BlindBat uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{A653C2BF-2527-4CA5-B18E-CF0199205274}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{a7283e35-7d50-43f7-b698-b29f6b5fe256}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{a7283e35-7d50-43f7-b698-b29f6b5fe256}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{cb1efc96-b4ad-4a33-b6fe-7f7bf4039d0a}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "blindbat" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "blindbat" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.BlindBat uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Fraud.WinIFixer

The following instructions have been created to help you to get rid of "Fraud.WinIFixer" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • malware
  • rogue

Description:

Fraud.WinIFixer is a rogue anti-spyware program. It shows legitimate registry entries as security threats and urges the user through annoying pop-ups to buy the fraudulent application.

Removal Instructions:

Quicklaunch area:

Please remove the following items from the Quick Launch area next to the "Start" button in the taskbar at the bottom.
To check where they point, right-click them and choose "Properties" from the context menu that appears.

  • Quicklaunch symbols named "WinIFixer.lnk" and pointing to "<$PROGRAMFILES>\WinIFixer\WinIFixer.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "WinIFixer" and pointing to "<$PROGRAMFILES>\WinIFixer\WinIFixer.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "WinIFixer".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONDESKTOP>\WinIFixer.lnk".
  • The file at "<$COMMONPROGRAMS>\WinIFixer.lnk".
  • The file at "<$PROGRAMFILES>\WinIFixer\database.dat".
  • The file at "<$PROGRAMFILES>\WinIFixer\license.txt".
  • The file at "<$PROGRAMFILES>\WinIFixer\Uninstall.exe".
  • The file at "<$PROGRAMFILES>\WinIFixer\WinIFixer.exe".
  • The file at "<$PROGRAMFILES>\WinIFixer\WinIFixerSkin.dll".

Make sure you set your file manager to display hidden and system files. If Fraud.WinIFixer uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Packages".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer".
  • The directory at "<$APPDATA>\WinIFixer".
  • The directory at "<$COMMONPROGRAMS>\WinIFixer".
  • The directory at "<$PROGRAMFILES>\WinIFixer".

Make sure you set your file manager to display hidden and system files. If Fraud.WinIFixer uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "WinIFixer.com" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Fraud.WinIFixer uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Fraud.MalwarePatrolPRO

The following instructions have been created to help you to get rid of "Fraud.MalwarePatrolPRO" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • malware
  • rogue

Description:

Fraud.MalwarePatrolPRO is a rogue anti-spyware program. It shows legitimate registry entries as security threats and urges the user through annoying pop-ups to buy the fraudulent application.

Removal Instructions:

Quicklaunch area:

Please remove the following items from the Quick Launch area next to the "Start" button in the taskbar at the bottom.
To check where they point, right-click them and choose "Properties" from the context menu that appears.

  • Quicklaunch symbols named "MPatrolPRO.lnk" and pointing to "<$PROGRAMFILES>\MPatrolPRO\MPatrolPRO.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "MPatrolPRO" and pointing to "<$PROGRAMFILES>\MPatrolPRO\MPatrolPRO.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "MPatrolPRO".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONDESKTOP>\MPatrolPRO.lnk".
  • The file at "<$COMMONPROGRAMS>\Malware Patrol PRO.lnk".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\database.dat".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\license.txt".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\MPatrolPRO.exe".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\MPatrolPROSkin.dll".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Fraud.MalwarePatrolPRO uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKCU\RunOnce".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKCU".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKLM\RunOnce".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKLM".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\StartMenuAllUsers".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\StartMenuCurrentUser".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\BrowserObjects".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Packages".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO".
  • The directory at "<$APPDATA>\MPatrolPRO".
  • The directory at "<$COMMONPROGRAMS>\Malware Patrol PRO".
  • The directory at "<$PROGRAMFILES>\MPatrolPRO".

Make sure you set your file manager to display hidden and system files. If Fraud.MalwarePatrolPRO uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "MPatrolPRO" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Fraud.MalwarePatrolPRO uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.PursuePoint

The following instructions have been created to help you to get rid of "Ad.PursuePoint" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.PursuePoint claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://pursuepoint.com/Privacy

Links (be careful!):

: ttp://pursuepoint.com/
: ttp://www.pursuepoint.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BOAS.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.Bromon.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BroStats.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BRT.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.Repmon.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BOAS.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePointBA.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePointBAApp.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePointBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\utilPursuePoint.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePoint.Common.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePoint.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePoint.ico".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePointBHO.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePointuninstall.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\updatePursuePoint.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.PursuePoint uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\PursuePoint\bin\plugins".
  • The directory at "<$PROGRAMFILES>\PursuePoint\bin".
  • The directory at "<$PROGRAMFILES>\PursuePoint".

Make sure you set your file manager to display hidden and system files. If Ad.PursuePoint uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{3C34D780-67A3-4E14-9001-5D9E4CE42F48}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{8A849661-DFEC-4C8F-ACF6-5DEA14ABDAB3}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{e1578e0c-7554-4980-a160-d0f4f7d8af47}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e1578e0c-7554-4980-a160-d0f4f7d8af47}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "PursuePoint" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "PursuePoint" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.PursuePoint uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.GearScroll

The following instructions have been created to help you to get rid of "Ad.GearScroll" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.GearScroll claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.gearscroll.net/Privacy

Links (be careful!):

: ttp://gearscroll.net/
: ttp://www.gearscroll.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{3a97dd70-72bb-46f4-8870-7194ab32b8fe}.xpi".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BOAS.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScrollBA.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScrollBAApp.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScrollBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BOAS.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.Bromon.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BroStats.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BRT.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.Repmon.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\utilGearScroll.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScroll.Common.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScroll.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScroll.ico".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScrollBHO.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScrolluninstall.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\updateGearScroll.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.GearScroll uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\GearScroll\bin\plugins".
  • The directory at "<$PROGRAMFILES>\GearScroll\bin".
  • The directory at "<$PROGRAMFILES>\GearScroll".

Make sure you set your file manager to display hidden and system files. If Ad.GearScroll uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "gearscroll.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "GearScroll" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "GearScroll" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "GearScroll" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\GearScroll".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\GearScroll".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\GearScroll".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\GearScroll".

If Ad.GearScroll uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Albrechto

The following instructions have been created to help you to get rid of "Ad.Albrechto" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Albrechto claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.albrechto.co/Privacy

Links (be careful!):

: ttp://albrechto.co
: ttp://www.albrechto.co

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\albrechto\albrechto.Common.dll".
  • The file at "<$PROGRAMFILES>\albrechto\albrechto.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\albrechto\albrechto.ico".
  • The file at "<$PROGRAMFILES>\albrechto\albrechtoBHO.dll".
  • The file at "<$PROGRAMFILES>\albrechto\albrechtouninstall.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BOAS.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechtoBA.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechtoBAApp.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechtoBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BOAS.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.Bromon.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BroStats.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BRT.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.Repmon.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\utilalbrechto.exe".
  • The file at "<$PROGRAMFILES>\albrechto\nkopijddpkmggacdghppacglggodkcod.crx".
  • The file at "<$PROGRAMFILES>\albrechto\updatealbrechto.exe".
  • The file at "<$PROGRAMFILES>\albrechto\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Albrechto uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nkopijddpkmggacdghppacglggodkcod\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nkopijddpkmggacdghppacglggodkcod".
  • The directory at "<$PROGRAMFILES>\albrechto\bin\plugins".
  • The directory at "<$PROGRAMFILES>\albrechto\bin".
  • The directory at "<$PROGRAMFILES>\albrechto".

Make sure you set your file manager to display hidden and system files. If Ad.Albrechto uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1881a451-f7fb-44bc-85b2-fcea4b1403e3}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{1881a451-f7fb-44bc-85b2-fcea4b1403e3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{33245300-D6A0-4F27-B1DE-CD4C97380218}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{43FE7D98-607E-495F-9800-15220FA5698F}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{4b74bd5c-e08b-4921-92bc-1ea8bb899da2}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{4b74bd5c-e08b-4921-92bc-1ea8bb899da2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{B287C84C-3FB1-48E8-914A-44A41222194C}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{BF411B06-E132-46D1-94B8-15D8E39A9D92}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{CE5A6611-5000-43C6-BBF7-014127FE985A}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "albrechto" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "albrechto" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\albrechto".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\albrechto".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\albrechto".

If Ad.Albrechto uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Spybot 2.5 and Scanner 2.6

Spybot version 2.4 is the most recent version of Spybot available on our website.

Users of the Windows 10 Operating System may encounter issues using this version of Spybot, so we have included files in Spybot’s updates to allow users to upgrade Spybot to version 2.5 after installation.

To do this, install and update Spybot 2.4. This will result in the appearance of a “Post Windows 10 Spybot-install” file which appears on your Desktop. Running this file will prompt you to download and install Spybot 2.5, which we have made changes to for compatibility with Windows 10.

We have not made Spybot 2.5 available on our website yet, as the changes made in this version can cause issues with older operating systems such as Windows Vista or XP.

Sharp-eyed users may also have noticed recently that Spybot’s system scanner has been upgraded to version 2.6. The additional files in this new version of the scanner include fixes for issues that some users were encountering such as:
– The system scan froze without displaying the scan results when the scan had completed (Zlob.ZipCodec issue).
– The “Settings” button in Spybot’s Start Center was unresponsive.

When the fixes for these issues were successfully tested, they were included in the updated version of the scanner.

Payment System Issues 2016-04-20 (resolved)

Please note that if you tried to purchase a Spybot license in the last 24 hours, your order may not have been processed properly due to technical issues with our payment system.

If you encountered this issue, your license request may have been sent as a “Test” order, and a license was not generated for you. If your order was processed this way, your credit card will not have been charged for your purchase.

This issue has since been fixed, and orders are now functioning correctly. If you place a new order, this will be processed correctly and your license will be generated for you.

If you have any concerns about this issue, or are unsure if you were affected by it, you can contact our Sales Team here:

Resend License

Manual Removal Guide for Win32.BHO.acsi

The following instructions have been created to help you to get rid of "Win32.BHO.acsi" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.BHO.acsi creates files in the program files subfolder "extremeup" and installs a BHO (Browser Helper Object).

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "extremeup" and pointing to "<$PROGRAMFILES>\extremeup\extremeupupdate.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\extremeup\extremeup.dll".
  • The file at "<$PROGRAMFILES>\extremeup\extremeupupdate.exe".
  • The file at "<$PROGRAMFILES>\extremeup\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.acsi uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\extremeup".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.acsi uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "autopopup.autopopupobj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "autopopup.autopopupobj", plus associated values.
  • Delete the registry key "{0C0882B9-B682-4800-8258-B367CD9851FB}" at "HKEY_CLASSES_ROOT\AppID".
  • Delete the registry key "{301629EB-3644-45C2-8E24-97B95054983B}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{8327886C-C208-408B-AD90-B3EE40C42947}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{8327886C-C208-408B-AD90-B3EE40C42947}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F9849E61-949E-4A3C-B87D-0C920D223433}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "autopopup.DLL" at "HKEY_CLASSES_ROOT\AppID".
  • Delete the registry key "extremeup" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "extremeup" at "HKEY_CURRENT_USER\Software\AppDataLow\Software".
  • Delete the registry key "extremeup" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Win32.BHO.acsi uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ClingClang

The following instructions have been created to help you to get rid of "Ad.ClingClang" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ClingClang claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClangBA.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClangBAApp.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClangBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BRT.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\utilClingClang.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClang.Common.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClang.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClang.ico".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClangBHO.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClanguninstall.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\updateClingClang.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ClingClang uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Cling Clang\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Cling Clang\bin".
  • The directory at "<$PROGRAMFILES>\Cling Clang".

Make sure you set your file manager to display hidden and system files. If Ad.ClingClang uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{aa9aa36b-5b7b-4996-b083-83ef84d53b19}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{aa9aa36b-5b7b-4996-b083-83ef84d53b19}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F5CC28D2-55BD-4D7D-A315-BE93C4EDA1C2}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Cling Clang" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Cling Clang" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.ClingClang uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.QvodPlayer

The following instructions have been created to help you to get rid of "Ad.QvodPlayer" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.QvodPlayer installs a Chinese video player and adware applications, e.g. BaiduBar.

Removal Instructions:

Desktop:

Please remove the following files from your desktop.
To check where they point, right-click them and choose "Properties" from the context menu that appears.

  • Shortcuts named "QvodPlayer" and pointing to "E:\Program Files\QvodPlayer\QvodPlayer.exe".

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "Kuaiwan" and pointing to "?<$PROGRAMFILES>\Kuaiwan\Kuaiwan.exe*".
  • Entries named "QvodPlayer" and pointing to "<$SYSDRIVE>\Program Files\QvodPlayer\QvodTerminal.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Kuaiwan".
  • Products that have a key or property named "QvodPlayer".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\KuaiWan\AppInfo.xml".
  • The file at "<$COMMONAPPDATA>\KuaiWan\User.ini".
  • The file at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin.xml".
  • The file at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\MainTab\Thumbs.db".
  • The file at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\WebGameTab\Thumbs.db".
  • The file at "<$SYSDRIVE>\desktop.ini".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\AddIn\ASBarBroker.exe".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\QvodCfg.ini".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Default\volumep.bmp".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip\PopMessage.xml".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip\QvodTip.exe".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip\QvodTips.dll".

Make sure you set your file manager to display hidden and system files. If Ad.QvodPlayer uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\qvodaddr".
  • The directory at "<$COMMONAPPDATA>\KuaiWan".
  • The directory at "<$COMMONPROGRAMFILES>\QvodPlayer\Codecs".
  • The directory at "<$COMMONPROGRAMFILES>\QvodPlayer".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\insert".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\key".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\MainTab".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\webgame".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\WebGameTab".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin".
  • The directory at "<$PROGRAMFILES>\Kuaiwan".
  • The directory at "<$PROGRAMS>\QVOD".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\AddIn".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Codecs".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Lang".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Lyrics".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Aluminum".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Blue".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Dark".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Default".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Exalted".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Gray".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\MediaPlayer".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\MiNi".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Navy".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_ccch".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_gysd".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_lskj".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_ly".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_QuickTimer".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_sl".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_xlxl".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_yh".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_yryh".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_zcl".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Simple".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Simple2".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Viewdata".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer".

Make sure you set your file manager to display hidden and system files. If Ad.QvodPlayer uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "KWCheck.KuaiWan.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "KWCheck.KuaiWan", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVOD", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODADD", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "Qvodbt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODCHA", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QvodInsert.QvodCtrl.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QvodInsert.QvodCtrl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3g2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gpp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ac3", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aif", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aifc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aiff", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.amr", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.amv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ape", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.asf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.asx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.au", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.avi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.bik", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.cda", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.csf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.cue", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.d2v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsa", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dss", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dvd", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.evo", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.f4v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.fli", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ivf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m1v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2p", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2ts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m3u", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4a", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4b", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4p", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mid", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.midi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mkv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mod", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mov", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp3", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp4", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp5", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpa", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpe", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpeg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpga", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mvx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ogg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ogm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pm2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pmp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pmp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pss", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pva", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qmv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qsed", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ra", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ram", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rat", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rmi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rmvb", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.roq", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rpm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rsc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smil", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smk", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.swf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tim", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tpr", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tta", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ttpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vg2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vid", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vob", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vp6", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vp7", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wav", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wma", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODSEA", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "ShareModule.QvodShare.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "ShareModule.QvodShare", plus associated values.
  • Delete the registry key "Kuaiwan.exe" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths".
  • Delete the registry key "Kuaiwan" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "KuaiWanInsert" at "HKEY_CURRENT_USER\Software\MozillaPlugins".
  • Delete the registry key "madFlac" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "QvodCDAudioOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers".
  • Delete the registry key "QvodDVDMovieOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers".
  • Delete the registry key "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers".
  • Delete the registry key "QvodMenu" at "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers".
  • Delete the registry key "QvodPlayer.exe" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths".
  • Delete the registry key "QvodPlayer" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "QvodPlayer" at "HKEY_CURRENT_USER\Software\CyberLink\Common\CLVSD".
  • Delete the registry key "QvodPlayer" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.dat".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.dvd".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.mov".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.torrent".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.wmp".
  • Delete the registry value "qhtp" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents".
  • Delete the registry value "qvod" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents".
  • Delete the registry value "QvodCDAudioOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival".
  • Delete the registry value "QvodDVDMovieOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival".
  • Delete the registry value "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival".
  • Delete the registry value "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.aif".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.aifc".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.aiff".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.asf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.asx".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.au".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.avi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.cda".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.ivf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.m1v".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.m3u".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mid".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.midi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mp2".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mp3".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpa".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpe".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpeg".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpg".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.rat".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.rmi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.rpm".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.swf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wav".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wm".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wma".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wmv".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wmx".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wpl".

If Ad.QvodPlayer uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "kuaibo.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Okiitan

The following instructions have been created to help you to get rid of "Ad.Okiitan" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Okiitan claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://okiitan.com/Privacy

Links (be careful!):

: ttp://okiitan.com/
: ttp://www.okiitan.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{78b17104-363a-4bd9-b49c-77419f14b0d0}.xpi".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\OkiitanBA.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\OkiitanBAApp.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\OkiitanBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BRT.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\utilOkiitan.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitan.Common.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitan.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitan.ico".
  • The file at "<$PROGRAMFILES>\Okiitan\OkiitanBHO.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitanuninstall.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\updateOkiitan.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Okiitan uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Okiitan\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Okiitan\bin".
  • The directory at "<$PROGRAMFILES>\Okiitan".

Make sure you set your file manager to display hidden and system files. If Ad.Okiitan uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Okiitan" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Okiitan" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.Okiitan uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Larparus

The following instructions have been created to help you to get rid of "Ad.Larparus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Larparus claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.larparus.com/Privacy

Links (be careful!):

: ttp://larparus.com
: ttp://www.larparus.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\LarparusBA.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\LarparusBAApp.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\LarparusBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BRT.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\utilLarparus.exe".
  • The file at "<$PROGRAMFILES>\Larparus\Larparus.Common.dll".
  • The file at "<$PROGRAMFILES>\Larparus\Larparus.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Larparus\Larparus.ico".
  • The file at "<$PROGRAMFILES>\Larparus\LarparusBHO.dll".
  • The file at "<$PROGRAMFILES>\Larparus\Larparusuninstall.exe".
  • The file at "<$PROGRAMFILES>\Larparus\nhggejjcbpfidlfahfdglfmhpdmoikbb.crx".
  • The file at "<$PROGRAMFILES>\Larparus\updateLarparus.exe".
  • The file at "<$PROGRAMFILES>\Larparus\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Larparus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nhggejjcbpfidlfahfdglfmhpdmoikbb\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nhggejjcbpfidlfahfdglfmhpdmoikbb".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\nhggejjcbpfidlfahfdglfmhpdmoikbb".
  • The directory at "<$PROGRAMFILES>\Larparus\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Larparus\bin".
  • The directory at "<$PROGRAMFILES>\Larparus".

Make sure you set your file manager to display hidden and system files. If Ad.Larparus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{046c439e-6aa7-41d3-9838-62f88a9dc029}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{046c439e-6aa7-41d3-9838-62f88a9dc029}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{95490DA1-D9FC-4EE8-BC26-4617B2D19BAC}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{FB3F0DA5-B1E6-407B-8D63-2B048627FE67}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Larparus" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Larparus" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Larparus".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Larparus".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Larparus".

If Ad.Larparus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.FindRight

The following instructions have been created to help you to get rid of "Ad.FindRight" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.FindRight claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Links (be careful!):

: ttp://myfindright.com
: ttp://www.myfindright.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{42e50651-9669-456e-9081-d5a836274274}.xpi".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BOAS.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRightBA.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRightBAApp.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRightBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BOAS.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.Bromon.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BroStats.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BRT.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.Repmon.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\utilFindRight.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\XTLSApp.exe".
  • The file at "<$PROGRAMFILES>\FindRight\FindRight.Common.dll".
  • The file at "<$PROGRAMFILES>\FindRight\FindRight.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\FindRight\FindRight.ico".
  • The file at "<$PROGRAMFILES>\FindRight\FindRightBHO.dll".
  • The file at "<$PROGRAMFILES>\FindRight\FindRightuninstall.exe".
  • The file at "<$PROGRAMFILES>\FindRight\ibokihboaojdolnlgbejebillmaodnfc.crx".
  • The file at "<$PROGRAMFILES>\FindRight\updateFindRight.exe".
  • The file at "<$PROGRAMFILES>\FindRight\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.FindRight uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ibokihboaojdolnlgbejebillmaodnfc\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ibokihboaojdolnlgbejebillmaodnfc".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\ibokihboaojdolnlgbejebillmaodnfc".
  • The directory at "<$PROGRAMFILES>\FindRight\bin\plugins".
  • The directory at "<$PROGRAMFILES>\FindRight\bin".
  • The directory at "<$PROGRAMFILES>\FindRight".

Make sure you set your file manager to display hidden and system files. If Ad.FindRight uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{2c774641-5504-46a8-b63f-6715ae3fe376}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{2c774641-5504-46a8-b63f-6715ae3fe376}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{4CCADDA1-60AD-48AA-97C2-FA892D2499FB}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{C638ABE2-47DA-4351-B170-E6A673D25CA3}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "FindRight" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "FindRight" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\FindRight".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\FindRight".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\FindRight".

If Ad.FindRight uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.PrivacyPlus

The following instructions have been created to help you to get rid of "PU.PrivacyPlus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.PrivacyPlus is a Korean unwanted program.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "PrivacyPlus" and pointing to "<$PROGRAMFILES>\PrivacyPlus\PrivacyPlusC.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\PRIVACY_PLUS.exe".
  • The file at "<$PROGRAMFILES>\PrivacyPlus\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PU.PrivacyPlus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\PrivacyPlus".

Make sure you set your file manager to display hidden and system files. If PU.PrivacyPlus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "PrivacyPlus" at "HKEY_CURRENT_USER\Software".

If PU.PrivacyPlus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebFrog

The following instructions have been created to help you to get rid of "Ad.WebFrog" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.WebFrog is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.webfrog.co/Privacy

Links (be careful!):

: ttp://www.webfrog.co
: ttp://wwwwebfrogco-a.akamaihd.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BRT.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\utilWebFrog.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBA.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBAApp.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\firefox@webfrog.co.xpi".
  • The file at "<$PROGRAMFILES>\Web Frog\updater.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\updateWebFrog.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.Common.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.ico".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrogBHO.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFroguninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Web Frog\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Web Frog\bin".
  • The directory at "<$PROGRAMFILES>\Web Frog".

Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{08F912CE-C6DF-4557-99E3-90FDE95EB1A5}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{2840C6AA-D471-468E-98F7-C316A1E444EB}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Web Frog" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Web Frog".

If Ad.WebFrog uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ViewPlay

The following instructions have been created to help you to get rid of "Ad.ViewPlay" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ViewPlay is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.viewplay.net/Privacy

Links (be careful!):

: ttp://www.viewplay.net
: ttp://wwwviewplaynet-a.akamaihd.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BRT.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\utilViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBA.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBAApp.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updater.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updateViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.Common.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.ico".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayFR.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\ViewPlay\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ViewPlay\bin".
  • The directory at "<$PROGRAMFILES>\ViewPlay".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{BB412D2C-F5A0-442B-8923-9109CE207B2A}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{DB2BC9D8-FE5A-4D34-9340-40054F0A44FE}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "viewplay.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\ViewPlay".

If Ad.ViewPlay uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.UtilDanawa

The following instructions have been created to help you to get rid of "Ad.UtilDanawa" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware

Description:

Ad.UtilDanawa downloads and installs several Korean adware programs or PUPs.

Removal Instructions:

Desktop:

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "UtilDanawa" and pointing to "<$PROGRAMFILES>\UtilDanawa\UtilDanawa?.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\UtilDanawa\Uninstall.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\UTDown.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\UTDown2.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\UTUp.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\version.cab".
  • The file at "<$SYSDIR>\UtilDanawa.ico".

Make sure you set your file manager to display hidden and system files. If Ad.UtilDanawa uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\UtilDanawa".

Make sure you set your file manager to display hidden and system files. If Ad.UtilDanawa uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "UtilDanawaCtrl.UtilDanawa.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "UtilDanawaCtrl.UtilDanawa", plus associated values.
  • Delete the registry key "{1EFCE84D-F033-424A-98EC-509CBF814EED}" at "HKEY_CLASSES_ROOT\AppID".
  • Delete the registry key "{2130339C-A739-46B4-989D-CC8031A4B62E}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{253BEEDD-2B63-48EC-8AEA-8297BAD9452C}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{289B55CF-913A-4857-8F71-6D17B09267E6}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{289B55CF-913A-4857-8F71-6D17B09267E6}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{2C2B0F57-51F2-4d1d-9A90-B3249BA0CEE4}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{2C2B0F57-51F2-4D1D-9A90-B3249BA0CEE4}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{33297377-1A0F-4cfd-A866-EFDA4866A194}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{33297377-1A0F-4CFD-A866-EFDA4866A194}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{3AD6477B-6AB0-4770-9808-C3245346BD45}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{3AD6477B-6AB0-4770-9808-C3245346BD45}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{4855AC5F-ADB6-40D2-A6D7-7C7247D0A4DE}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{600A635A-7003-4347-BAC1-254A8F935B1A}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{600A635A-7003-4347-BAC1-254A8F935B1A}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{7781A959-A6BF-4dcc-928B-E5AF9ED668D7}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{7781A959-A6BF-4DCC-928B-E5AF9ED668D7}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{84BADA55-2BC1-4319-9BD3-1A5EE01EE1D8}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{84BADA55-2BC1-4319-9BD3-1A5EE01EE1D8}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{945D8B13-529C-43e8-B4ED-E7535CCDD2F7}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{945D8B13-529C-43E8-B4ED-E7535CCDD2F7}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{D0C0E513-8BC6-4FB7-BEF6-9652AFC9027B}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "UtilDanawa" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "UtilDanawaCtrl.DLL" at "HKEY_CLASSES_ROOT\AppID".

If Ad.UtilDanawa uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "downbomul.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SearchFoot

The following instructions have been created to help you to get rid of "Ad.SearchFoot" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SearchFoot claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.searchfoot.net/Privacy

Links (be careful!):

: ttp://searchfoot.net/
: ttp://www.searchfoot.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{5e1eb58a-cd04-42a5-b710-2b964d2a3d50}.xpi".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BRT.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFootBA.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFootBAApp.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFootBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\utilSearchFoot.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFoot.Common.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFoot.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFoot.ico".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFootBHO.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFootuninstall.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\updater.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\updateSearchFoot.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SearchFoot uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SearchFoot\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SearchFoot\bin".
  • The directory at "<$PROGRAMFILES>\SearchFoot".

Make sure you set your file manager to display hidden and system files. If Ad.SearchFoot uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "SearchFoot" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "SearchFoot" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\SearchFoot".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\SearchFoot".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\SearchFoot".

If Ad.SearchFoot uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.MarketResearchHelper

The following instructions have been created to help you to get rid of "Ad.MarketResearchHelper" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.MarketResearchHelper claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://marketresearchhelper.com/Privacy

Links (be careful!):

: ttp://marketresearchhelper.com/
: ttp://www.marketresearchhelper.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{d524939d-dcea-4579-a3d0-67758ac2ff8e}.xpi".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BOAS.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelperBA.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelperBAApp.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelperBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BOAS.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.Bromon.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BroStats.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BRT.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.Repmon.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\utilMarketResearchHelper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelper.Common.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelper.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelper.ico".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelperBHO.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelperUninstall.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\updateMarketResearchHelper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.MarketResearchHelper uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins".
  • The directory at "<$PROGRAMFILES>\MarketResearchHelper\bin".
  • The directory at "<$PROGRAMFILES>\MarketResearchHelper".

Make sure you set your file manager to display hidden and system files. If Ad.MarketResearchHelper uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{085C4D33-AB97-4165-9275-6174CF6B530D}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{2ACC2EF3-B127-4F5B-B18C-47763737CB19}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{e71ecfaa-158b-4027-9a01-1959834a82db}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e71ecfaa-158b-4027-9a01-1959834a82db}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\MarketResearchHelper".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\MarketResearchHelper".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\MarketResearchHelper".
  • Delete the registry key "MarketResearchHelper" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "MarketResearchHelper" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".

If Ad.MarketResearchHelper uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.LinkiDoo

The following instructions have been created to help you to get rid of "Ad.LinkiDoo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.LinkiDoo claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Links (be careful!):

: ttp://linkidoo.biz
: ttp://www.linkidoo.biz

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}.xpi".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDooBA.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDooBAApp.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDooBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BRT.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\utilLinkiDoo.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoo.Common.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoo.ico".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDooBHO.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoouninstall.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\nedmkhahhppfofnniinaggmabnngddjk.crx".
  • The file at "<$PROGRAMFILES>\LinkiDoo\updateLinkiDoo.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.LinkiDoo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nedmkhahhppfofnniinaggmabnngddjk\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nedmkhahhppfofnniinaggmabnngddjk".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\nedmkhahhppfofnniinaggmabnngddjk".
  • The directory at "<$PROGRAMFILES>\LinkiDoo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\LinkiDoo\bin".
  • The directory at "<$PROGRAMFILES>\LinkiDoo".

Make sure you set your file manager to display hidden and system files. If Ad.LinkiDoo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1F87D8B1-BC1F-435E-9290-EC13863DCAE9}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{5c11f47a-dbf7-4d5f-94a0-f747ce85e935}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{5c11f47a-dbf7-4d5f-94a0-f747ce85e935}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{CD239C93-5F6B-48DD-8CE0-FD7F8F62BBBE}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "LinkiDoo" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "LinkiDoo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "LinkiDoo" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "drp" at "HKEY_LOCAL_MACHINE\SOFTWARE\LinkiDoo".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\LinkiDoo".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\LinkiDoo".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\LinkiDoo".

If Ad.LinkiDoo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Fix for System Scan freeze on Zlob.ZipCodec

Many users have recently been affected by a feature in the Spybot program that caused the scanner to freeze on the final file of the scan, and the “Settings” button in the Start Center to become unresponsive.

We are happy to announce that we now have a solution for this issue. If you have experienced this issue and have not been sent this fix, please download and run this small installer.

The installer will replace the file we found was causing the issue.

More information on this can be found here.

Manual Removal Guide for Ad.ResultsAlpha

The following instructions have been created to help you to get rid of "Ad.ResultsAlpha" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ResultsAlpha claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.resultsalpha.net/Privacy

Links (be careful!):

: ttp://resultsalpha.net
: ttp://www.resultsalpha.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BRT.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlphaBA.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlphaBAApp.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlphaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\utilResultsAlpha.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlpha.Common.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlpha.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlpha.ico".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlphaBHO.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlphauninstall.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\updater.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\updateResultsAlpha.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ResultsAlpha uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\aaokmnpaoippoclepikifeegeknpopea\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\aaokmnpaoippoclepikifeegeknpopea".
  • The directory at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ResultsAlpha\bin".
  • The directory at "<$PROGRAMFILES>\ResultsAlpha".

Make sure you set your file manager to display hidden and system files. If Ad.ResultsAlpha uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{cbab673a-a480-4050-bd2b-5de24a7a0282}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{cbab673a-a480-4050-bd2b-5de24a7a0282}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\ResultsAlpha".
  • Delete the registry key "resultsalpha.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "ResultsAlpha" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "ResultsAlpha" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ResultsAlpha".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\ResultsAlpha".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\ResultsAlpha".

If Ad.ResultsAlpha uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Kazy

The following instructions have been created to help you to get rid of "Win32.Kazy" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Kazy copies several malicious library files into the program directory and installs a BHO without giving the user a possibility to cancel that process.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$SYSDIR>\bnsspx.dll".
  • The file at "<$SYSDIR>\BNSUpdata.exe".
  • The file at "<$SYSDIR>\gyblack.lst".

Make sure you set your file manager to display hidden and system files. If Win32.Kazy uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Outobox

The following instructions have been created to help you to get rid of "Ad.Outobox" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Outobox claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://outobox.net/Privacy

Links (be careful!):

: ttp://outobox.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@outobox.net.xpi".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BOAS.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outoboxBA.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\outoboxBAApp.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\outoboxBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BOAS.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.Bromon.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BroStats.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BRT.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.Repmon.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\utiloutobox.exe".
  • The file at "<$PROGRAMFILES>\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx".
  • The file at "<$PROGRAMFILES>\outobox\outobox.Common.dll".
  • The file at "<$PROGRAMFILES>\outobox\outobox.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\outobox\outobox.ico".
  • The file at "<$PROGRAMFILES>\outobox\outoboxBHO.dll".
  • The file at "<$PROGRAMFILES>\outobox\outoboxuninstall.exe".
  • The file at "<$PROGRAMFILES>\outobox\updateoutobox.exe".
  • The file at "<$PROGRAMFILES>\outobox\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Outobox uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\outobox\bin\plugins".
  • The directory at "<$PROGRAMFILES>\outobox\bin".
  • The directory at "<$PROGRAMFILES>\outobox".

Make sure you set your file manager to display hidden and system files. If Ad.Outobox uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1EB0A0B0-CABB-495C-A85A-7C8F891799C7}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{30f06672-0e95-41a9-80cb-dee386af99ad}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{30f06672-0e95-41a9-80cb-dee386af99ad}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{B1290521-AB01-40EB-B993-AD122BEFC9E2}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "outobox" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "outobox" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\outobox".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\outobox".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\outobox".

If Ad.Outobox uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.InfoTrigger

The following instructions have been created to help you to get rid of "Ad.InfoTrigger" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.InfoTrigger claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.infotrigger.net/Privacy

Links (be careful!):

: ttp://www.infotrigger.net/
: ttp://www.infotrigger.net/Download

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{513fd515-8786-4d45-8e8e-065f42ad6a66}.xpi".
  • The file at "<$PROGRAMFILES>\Info Trigger\bin\utilInfoTrigger.exe".
  • The file at "<$PROGRAMFILES>\Info Trigger\InfoTrigger.ico".
  • The file at "<$PROGRAMFILES>\Info Trigger\InfoTriggerBHO.dll".
  • The file at "<$PROGRAMFILES>\Info Trigger\updateInfoTrigger.exe".
  • The file at "<$PROGRAMFILES>\Info Trigger\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.InfoTrigger uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Info Trigger\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Info Trigger\bin".
  • The directory at "<$PROGRAMFILES>\Info Trigger".

Make sure you set your file manager to display hidden and system files. If Ad.InfoTrigger uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "infotrigger.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "InfoTrigger" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.InfoTrigger uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.DoughGo

The following instructions have been created to help you to get rid of "Ad.DoughGo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.DoughGo is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.doughgo.biz/Privacy

Links (be careful!):

: ttp://www.doughgo.biz
: ttp://wwwdoughgobiz-a.akamaihd.net/favicon.ico

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{735c7dda-e3b7-44f2-8521-a39cc0d289b2}.xpi".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGoBA.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGoBAApp.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGoBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BRT.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\utilDoughGo.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGo.Common.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGo.ico".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGoBHO.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGouninstall.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\updateDoughGo.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\updater.exe".
  • The file at "<$SYSDIR>\drivers\{735c7dda-e3b7-44f2-8521-a39cc0d289b2}w64.sys".

Make sure you set your file manager to display hidden and system files. If Ad.DoughGo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\DoughGo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\DoughGo\bin".
  • The directory at "<$PROGRAMFILES>\DoughGo".

Make sure you set your file manager to display hidden and system files. If Ad.DoughGo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "DoughGo" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "DoughGo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\DoughGo".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\DoughGo".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\DoughGo".

If Ad.DoughGo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SeekApp

The following instructions have been created to help you to get rid of "Ad.SeekApp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SeekApp installs program files and a browser extension in order to display advertising content.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Seekapp".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\Seekapp\seekapp132.exe".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome.manifest".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome\seekapp.jar".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\defaults\preferences\prefs.js".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\install.rdf".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\searchplugins\seekapp132.xml".
  • The file at "<$PROGRAMFILES>\Seekapp\readme.html".
  • The file at "<$PROGRAMFILES>\Seekapp\seekapp.dll".
  • The file at "<$PROGRAMFILES>\Seekapp\seekapp.exe".
  • The file at "<$PROGRAMFILES>\Seekapp\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SeekApp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONAPPDATA>\Seekapp".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\defaults\preferences".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\defaults".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}".
  • The directory at "<$PROGRAMFILES>\Seekapp".

Make sure you set your file manager to display hidden and system files. If Ad.SeekApp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Seekapp" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Ad.SeekApp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ViewPlay

The following instructions have been created to help you to get rid of "Ad.ViewPlay" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ViewPlay is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.viewplay.net/Privacy

Links (be careful!):

: ttp://www.viewplay.net
: ttp://wwwviewplaynet-a.akamaihd.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BRT.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\utilViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBA.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBAApp.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updater.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updateViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.Common.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.ico".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayFR.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\ViewPlay\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ViewPlay\bin".
  • The directory at "<$PROGRAMFILES>\ViewPlay".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{BB412D2C-F5A0-442B-8923-9109CE207B2A}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{DB2BC9D8-FE5A-4D34-9340-40054F0A44FE}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "viewplay.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\ViewPlay".

If Ad.ViewPlay uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BeatTool

The following instructions have been created to help you to get rid of "Ad.BeatTool" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BeatTool is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\BeatTool\BeatTool.Common.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatTool.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatTool.ico".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatToolBHO.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatTooluninstall.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatToolBA.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatToolBAApp.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatToolBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BRT.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.Repmon.dll".