Manual Removal Guide for PU.NZellCodec

The following instructions have been created to help you to get rid of "PU.NZellCodec" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • pups

Description:
PU.NZellCodec installs several video codecs and connects to Korean adware servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "nzellwatch" and pointing to "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\NZellCodecUpdate.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "NzelCodecPack".
  • Products that have a key or property named "NZellCodecPack".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\nzellcodec_uninstall.exe".
  • The file at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\NZellCodecUpdate.exe".
Make sure you set your file manager to display hidden and system files. If PU.NZellCodec uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\ac3 filter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\corevorbis".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\lameDS".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\mp4 splitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\oggsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio\shoutcastsource".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\audio".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\caption".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\avi2ac3filter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\avisplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\cddareader".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\cdxareader".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\d2vsource".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\diracsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\divx3".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\divx5".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\dscaler".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\dsmmuxer".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\dsmsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\ffdshow\custom matrices".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\ffdshow\languages".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\ffdshow".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\flvsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\hallisplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\matroskamuxer".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\matroskasplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\mms".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\mpegsplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\realmediasplitter".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\streamdrivethru".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\subtitlesource".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\vtsreader".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video\x264".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs\video".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\codecs".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\asf2mkv".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \docs".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \locale\hu".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \locale\tr".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix \locale".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\divfix ".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\gspot".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools\mpc".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack\tools".
  • The directory at "<$PROGRAMFILES>\nzellsoft\NzellCodecPack".
  • The directory at "<$PROGRAMFILES>\nzellsoft".
Make sure you set your file manager to display hidden and system files. If PU.NZellCodec uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "NZellCodecPack" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
If PU.NZellCodec uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.IEFXZ

The following instructions have been created to help you to get rid of "PU.IEFXZ" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • pups
  • bho

Description:
PU.IEFXZ installs as a Chinese Browser Helper Object (BHO) for Internet Explorer in the Program Files directory. It changes search scopes and connects to remote servers.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "IEFXZ".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\IEfxz\iefxz.dll".
  • The file at "<$PROGRAMFILES>\IEfxz\uninst.exe".
Make sure you set your file manager to display hidden and system files. If PU.IEFXZ uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\IEfxz".
Make sure you set your file manager to display hidden and system files. If PU.IEFXZ uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZ.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZ.Obj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZHelper.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZHelper.Obj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZTool.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IEFXZTool.Obj", plus associated values.
  • Delete the registry key "{61F0024B-8278-4999-B7E6-2718426D9FE6}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\".
  • Delete the registry key "{61F0024B-8278-4999-B7E6-2718426D9FE6}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC1}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC1}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6A49F431-2A2E-41A5-9080-0F41D1A3AEC2}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\".
  • Delete the registry key "{6A49F431-2A2E-41A5-9080-0F41D1A3AEC2}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{6A49F431-2A2E-41a5-9080-0F41D1A3AEC3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "IEFXZ" at "HKEY_CURRENT_USER\Software\".
If PU.IEFXZ uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for OutBrowse

The following instructions have been created to help you to get rid of "OutBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • pups

Description:
OutBrowse distributes free software together with other unwanted programs, which are installed optionally by the installer.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$LOCALSETTINGS>\Temp\SearchProtectChecker.exe".
Make sure you set your file manager to display hidden and system files. If OutBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$LOCALAPPDATA>\SearchProtect\Logs".
  • The directory at "<$LOCALAPPDATA>\SearchProtect".
Make sure you set your file manager to display hidden and system files. If OutBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.pyma

The following instructions have been created to help you to get rid of "Win32.Agent.pyma" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.pyma is a malicious script compiled with Python2Exe.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "Fierce Store.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.pyma uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{AE568478-B559-192A-3679-ABB2CC5C3FC5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".

If Win32.Agent.pyma uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.QuickSeeker

The following instructions have been created to help you to get rid of "PU.QuickSeeker" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.QuickSeeker is part of the CyclonMedia/ Ad.Cyclone framework. This application is often installed unintentionally.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "QuickSeeker20130820".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$SYSDRIVE>\QuickSeeker20130820\bl_home.txt".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\bl_search.txt".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\Connector.exe".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\ie_home.bat".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\Protector.exe".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\RunOnce.cmd".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\TempWmicBatchFile.bat".
  • The file at "<$SYSDRIVE>\QuickSeeker20130820\Uninstall.cmd".

Make sure you set your file manager to display hidden and system files. If PU.QuickSeeker uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$SYSDRIVE>\QuickSeeker20130820".

Make sure you set your file manager to display hidden and system files. If PU.QuickSeeker uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.CyclonGems

The following instructions have been created to help you to get rid of "Ad.CyclonGems" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.CyclonGems is an adware framework. Once installed it opens random advertising web sites within the default browser.

Links (be careful!):

: ttp://ww7.cyclon-gems.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\Gems\GemsContextHelper.exe".
  • The file at "<$LOCALSETTINGS>\Temp\Gems\GemsHome.exe".

Make sure you set your file manager to display hidden and system files. If Ad.CyclonGems uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALSETTINGS>\Temp\Gems".

Make sure you set your file manager to display hidden and system files. If Ad.CyclonGems uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.Context2pro

The following instructions have been created to help you to get rid of "PU.Context2pro" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.Context2pro is part of the CyclonMedia/ Ad.Cyclone framework. This application is often installed unintentionally.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "7Zipconadvanced" and pointing to "<$LOCALAPPDATA>\Context2pro\conadvanced.exe".
  • Entries named "7Zipcontextfr" and pointing to "<$LOCALAPPDATA>\Context2pro\contextfr.exe".
  • Entries named "7Zipcontextprod" and pointing to "<$LOCALAPPDATA>\Context2pro\contextprod.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\Context2pro\conadvanced.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\Context2pro_Uninstaller.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\contextfr.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\contextnav.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\contextprod.exe".
  • The file at "<$LOCALAPPDATA>\Context2pro\libwindoc.exe".

Make sure you set your file manager to display hidden and system files. If PU.Context2pro uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\Context2pro".

Make sure you set your file manager to display hidden and system files. If PU.Context2pro uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "AdServer" at "HKEY_CURRENT_USER\Software\Context2pro\contextprod\".
  • Delete the registry key "Context2pro" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Context2pro" at "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "contextprod" at "HKEY_CURRENT_USER\Software\Context2pro\".
  • Remove "<regexpr>http. " from registry value "KeywordsPath" at "HKEY_CURRENT_USER\Software\Context2pro\contextprod\AdServer\".

If PU.Context2pro uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.Buzzdock

The following instructions have been created to help you to get rid of "PU.Buzzdock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.Buzzdock is a search enhancement extension that shows advertising in search requests. It is part of the Alactro LLC and Yontoo adware framework.

Privacy Statement:

http://www.buzzdock.com/privacy_2.0

Links (be careful!):

: ttp://www.buzzdock.com/
: ttps://chrome.google.com/webstore/detail/buzzdock/ejaodgecffaefnnoggjpogblnlpejkma

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONPROGRAMS>\Buzzdock\Buzzdock Support Site.lnk".
  • The file at "<$COMMONPROGRAMS>\Buzzdock\Buzzdock.lnk".
  • The file at "<$COMMONPROGRAMS>\Buzzdock\Uninstall.lnk".
  • The file at "<$PROGRAMFILES>\Buzzdock\Buzzdock Support.url".
  • The file at "<$PROGRAMFILES>\Buzzdock\Buzzdock.ico".
  • The file at "<$PROGRAMFILES>\Buzzdock\Buzzdock.url".
  • The file at "<$PROGRAMFILES>\Buzzdock\BuzzdockIEClient.dll".
  • The file at "<$PROGRAMFILES>\Buzzdock\Uninstall.url".

Make sure you set your file manager to display hidden and system files. If PU.Buzzdock uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONPROGRAMS>\Buzzdock".
  • The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\ejaodgecffaefnnoggjpogblnlpejkma\2.1.5_0".
  • The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\ejaodgecffaefnnoggjpogblnlpejkma".
  • The directory at "<$PROGRAMFILES>\Buzzdock".

Make sure you set your file manager to display hidden and system files. If PU.Buzzdock uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Api.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Api", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Layers.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BuzzdockIEClient.Layers", plus associated values.
  • Delete the registry key "{220EB34E-DC2B-4B04-AD40-A1C7C31731F2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "{435D09AA-DDE4-4B40-9129-08F025ECA349}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{435D09AA-DDE4-4B40-9129-08F025ECA349}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{4A3DEECA-A579-44BC-BCF3-167F4B9E8E4C}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{83C58580-EC6E-48CD-9521-B95874483BEB}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{BE3A76AC-F071-4C7F-9B7A-D974B4F52DCA}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{C8C107B2-28C2-472D-9BD4-6A25776841D1}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "BuzzdockIEClient.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "ejaodgecffaefnnoggjpogblnlpejkma" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".

If PU.Buzzdock uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Yabector

The following instructions have been created to help you to get rid of "Ad.Yabector" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.Yabector installs executable files in the Program Files directory and places links to eBay on the user's desktop and quick launch area.

Removal Instructions:

Desktop:

Please remove the following files from your desktop.
To check where they are pointing to, right-click them and choose "Properties" from the context menu that appears.

  • Shortcuts named "eBay Startseite.lnk" and pointing to "<$PROGRAMFILES>\ClearProg\eBay\eBayShortcuts.exe".

Quicklaunch area:

Please remove the following items from your quick launch area next to the "Start" button in the taskbar at the bottom.
To check where they are pointing to, right-click them and choose "Properties" from the context menu that appears.

  • Quicklaunch symbols named "eBay Startseite.lnk" and pointing to "<$PROGRAMFILES>\ClearProg\eBay\eBayShortcuts.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$APPDATA>\AD ON Multimedia\eBay Shortcuts\config.ini".
  • The file at "<$PROGRAMFILES>\ClearProg\eBay\eBayShortcuts.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Yabector uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\AD ON Multimedia\eBay Shortcuts".
  • The directory at "<$APPDATA>\AD ON Multimedia".
  • The directory at "<$PROGRAMFILES>\ClearProg\eBay".

Make sure you set your file manager to display hidden and system files. If Ad.Yabector uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.fkap

The following instructions have been created to help you to get rid of "Win32.Agent.fkap" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.Agent.fkap installs a Browser Helper Object (BHO) "favoclickBHO" in Internet Explorer without user consent.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "favoclick" and pointing to "<$PROGRAMFILES>\favoclick\favoclickup.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "favoclick uninstall".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\favoclick\domainrefer.ini".
  • The file at "<$PROGRAMFILES>\favoclick\favoclick.dll".
  • The file at "<$PROGRAMFILES>\favoclick\favoclickup.exe".
  • The file at "<$PROGRAMFILES>\favoclick\keycode.ini".
  • The file at "<$PROGRAMFILES>\favoclick\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.fkap uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\favoclick".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.fkap uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "favoclick.favoclickBho.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "favoclick.favoclickBho", plus associated values.
  • Delete the registry key "{249323EB-4152-4ED9-800B-C699E67F6568}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{6A0C33CA-4C02-4BF6-A96E-37336BD1CE44}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6A0C33CA-4C02-4BF6-A96E-37336BD1CE44}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{8C5607BF-C2F8-4511-912D-8763C1D8CF48}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{B626D345-31AE-4156-933F-10F076FD96ED}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "favoc" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "favoclick.DLL" at "HKEY_CLASSES_ROOT\AppID\".

If Win32.Agent.fkap uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for ShoppingSidekick

The following instructions have been created to help you to get rid of "ShoppingSidekick" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

ShoppingSidekick installs a multitude of adware during the installation process of other software. Even if the installation process is canceled, adware will be dropped.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Shopping Sidekick Plugin".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\ButtonUtil.dll".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.ico".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin.ini".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Shopping Sidekick PluginInstaller.log".
  • The file at "<$PROGRAMFILES>\Shopping Sidekick Plugin\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If ShoppingSidekick uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\Shopping Sidekick Plugin\Chrome".
  • The directory at "<$LOCALAPPDATA>\Shopping Sidekick Plugin".
  • The directory at "<$PROGRAMFILES>\Shopping Sidekick Plugin".

Make sure you set your file manager to display hidden and system files. If ShoppingSidekick uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Shopping Sidekick Plugin" at "HKEY_CURRENT_USER\Software\".

If ShoppingSidekick uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.OtherSearch

The following instructions have been created to help you to get rid of "PU.OtherSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.OtherSearch might be installed inadvertently by PowerPack setup files. This software installs, among other things, the adware zdengine.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\OtherSearch\uninstall.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine.dll".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine.tlb".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdengine64.dll".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdenginecert.dll".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdinstaller.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdwfp.sys".
  • The file at "<$PROGRAMFILES>\OtherSearch\zdwfp64.sys".
  • The file at "<$PROGRAMFILES>\OtherSearch\ziengine.exe".
  • The file at "<$PROGRAMFILES>\OtherSearch\ziengine.ini".
  • The file at "<$PROGRAMFILES>\OtherSearch\ziengine64.exe".

Make sure you set your file manager to display hidden and system files. If PU.OtherSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\OtherSearch".

Make sure you set your file manager to display hidden and system files. If PU.OtherSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Components" at "HKEY_LOCAL_MACHINE\SOFTWARE\OtherSearch\".
  • Delete the registry key "OtherSearch" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "OtherSearch" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "uid" at "HKEY_LOCAL_MACHINE\SOFTWARE\OtherSearch\".

If PU.OtherSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.3721Assist

The following instructions have been created to help you to get rid of "PU.3721Assist" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups
  • bho

Description:

PU.3721Assist installs Browser Add-Ons and files and folders into the program files subfolder "3721". It displays advertisements and monitors the search requests.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\3721\assist\adfilter.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\assisres.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\assist.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\eheflash.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\optimum.dll".
  • The file at "<$PROGRAMFILES>\3721\assist\repair.dll".
  • The file at "<$PROGRAMFILES>\3721\autolive.dll".
  • The file at "<$PROGRAMFILES>\3721\Helper.dll".

Make sure you set your file manager to display hidden and system files. If PU.3721Assist uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\3721\3721\assist".
  • The directory at "<$PROGRAMFILES>\3721\3721".
  • The directory at "<$PROGRAMFILES>\3721\assist".
  • The directory at "<$PROGRAMFILES>\3721".

Make sure you set your file manager to display hidden and system files. If PU.3721Assist uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "Assist.EasyAssist.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "Assist.EasyAssist", plus associated values.
  • Delete the registry key "{19069804-2CF0-4357-B696-BA6E9AAD99EF}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{1B0E7716-898E-48CC-9690-4E338E8DE1D3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{924F5B3A-7A27-484A-B873-E855C9708667}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "3721" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "3721" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry value "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\".
  • Delete the registry value "{1B0E7716-898E-48cc-9690-4E338E8DE1D3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".

If PU.3721Assist uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Zdengine

The following instructions have been created to help you to get rid of "Ad.Zdengine" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.Zdengine might be installed inadvertently by PowerPack setup files. This product claims to protect web browsers. It installs a service file.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\zdengine.log".
  • The file at "<$LOCALSETTINGS>\Temp\ziengine.ini.log".
  • The file at "<$SYSDIR>\zdengine.dll".
  • The file at "<$SYSDIR>\zdengine.ini".
  • The file at "<$SYSDIR>\zdengineOff.ini".
  • The file at "<$WINDIR>\Temp\zdengine.log".

Make sure you set your file manager to display hidden and system files. If Ad.Zdengine uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{176F706B-5175-479C-A3DF-32420F6FB01A}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{25B1494D-230A-42CF-BBF6-EC73868D13DC}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{38BE2BE8-EB8E-41D1-9D94-3B1697094D47}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{53C267B2-B01D-410F-A4DD-A32962EE55F4}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{63492C58-6CD7-4FF7-8495-06A6869643EE}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{8804A543-42D3-4D71-9685-B0243D5526F3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{A0F322D5-6A13-4CAB-84CF-FABB5690618E}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{AC3E336C-B524-47F0-9AA2-5F67AA056086}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{C68E9BB6-3DBD-4C4B-910B-C5D84A7EBB03}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{F577A1BA-D82D-4BB2-8430-B767285D081D}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "zdengine.EXE" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "zdengine" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.Zdengine uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WSeven

The following instructions have been created to help you to get rid of "Ad.WSeven" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.WSeven is a variant of the Eorezo adware.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "win_en_77" and pointing to "?<$PROGRAMFILES>\win_en_77\win_en_77.exe?".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\win_en_77\win_en_77\2.00\cnf.cyl".
  • The file at "<$LOCALAPPDATA>\win_en_77\win_en_77\2.00\eorezo.cyl".
  • The file at "<$PROGRAMFILES>\win_en_77\unins000.dat".
  • The file at "<$PROGRAMFILES>\win_en_77\win_en_77.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WSeven uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\win_en_77\win_en_77".
  • The directory at "<$LOCALAPPDATA>\win_en_77".
  • The directory at "<$PROGRAMFILES>\win_en_77".

Make sure you set your file manager to display hidden and system files. If Ad.WSeven uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "win_en_77_is1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "win_en_77" at "HKEY_LOCAL_MACHINE\SOFTWARE\WIN\".

If Ad.WSeven uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SmarterPower

The following instructions have been created to help you to get rid of "Ad.SmarterPower" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SmarterPower is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\plugins\SmarterPower.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPower.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPowerBA.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\SmarterPowerBAApp.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\bin\utilSmarterPower.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPower.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPower.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPower.ico".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPowerbho.dll".
  • The file at "<$PROGRAMFILES>\SmarterPower\SmarterPoweruninstall.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\updater.exe".
  • The file at "<$PROGRAMFILES>\SmarterPower\updateSmarterPower.exe".
  • The file at "<$SYSDIR>\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}gw64.sys".

Make sure you set your file manager to display hidden and system files. If Ad.SmarterPower uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SmarterPower\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SmarterPower\bin".
  • The directory at "<$PROGRAMFILES>\SmarterPower".

Make sure you set your file manager to display hidden and system files. If Ad.SmarterPower uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{98D9C91C-10F5-4B34-BD72-AE981CAA6F54}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{bd7c9b62-a7d9-4405-be51-7fd633f08791}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{bd7c9b62-a7d9-4405-be51-7fd633f08791}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{BE7650B2-5936-4EE6-B4F2-AE385DB13A90}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "SmarterPower" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "SmarterPower" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SmarterPower" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update SmarterPower" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update SmarterPower" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.SmarterPower uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.EasyHotspot

The following instructions have been created to help you to get rid of "PU.EasyHotspot" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.EasyHotspot might be installed inadvertently by PowerPack setup files. This software installs, amongst others, Wizzcaster files with obfuscated version information.

Links (be careful!):

: ttp://asiasoftwaretools.com/
: ttp://easyhotspot.asiasoftwaretools.com/Privacy.html

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "Caster" and pointing to "<$PROGRAMFILES>\EasyHotspot\wizzcaster.exe".
  • Entries named "EasyHotspot" and pointing to "?<$PROGRAMFILES>\EasyHotspot\EasyHotspot.exe?".
  • Entries named "IDSCPRODUCT" and pointing to "?<$PROGRAMFILES>\EasyHotspot\idscservice.exe?".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\EasyHotspot.lnk".
  • The file at "<$PROGRAMFILES>\EasyHotspot\config.conf".
  • The file at "<$PROGRAMFILES>\EasyHotspot\EasyHotspot.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\idscservice.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\unins000.dat".
  • The file at "<$PROGRAMFILES>\EasyHotspot\unins000.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\uninstaller.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\UninstallerCaster.exe".
  • The file at "<$PROGRAMFILES>\EasyHotspot\wizzcaster.exe".

Make sure you set your file manager to display hidden and system files. If PU.EasyHotspot uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\EasyHotspot".

Make sure you set your file manager to display hidden and system files. If PU.EasyHotspot uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "EasyHotspot_is1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "idsc" at "HKEY_CURRENT_USER\Software\Microsoft\".
  • Delete the registry key "Wizzcaster" at "HKEY_CURRENT_USER\Software\Wizzlabs\".
  • Delete the registry key "Wizzlabs" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry value "product" at "HKEY_CURRENT_USER\Software\Microsoft\idsc\".

If PU.EasyHotspot uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.DonkeyCodec

The following instructions have been created to help you to get rid of "PU.DonkeyCodec" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.DonkeyCodec is a Korean codec installer for video decoding. It creates a folder in the program files folder and runs on system startup.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "donkeycodec" and pointing to "?<$PROGRAMFILES>\donkeycodec\donkeycodecupdatecheck.exe*".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "uninst_donkeycd".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\donkeycodec\donkeycodecupdatecheck.exe".
  • The file at "<$PROGRAMFILES>\donkeycodec\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PU.DonkeyCodec uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\subtitle\VSFilter".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\subtitle".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video\avisplitter".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video\Divx".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video\Xvid".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec\video".
  • The directory at "<$PROGRAMFILES>\donkeycodec\codec".
  • The directory at "<$PROGRAMFILES>\donkeycodec".

Make sure you set your file manager to display hidden and system files. If PU.DonkeyCodec uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "donkeycodec" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If PU.DonkeyCodec uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for KeyloggerLite

The following instructions have been created to help you to get rid of "KeyloggerLite" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • keylogger

Description:

KeyloggerLite records all keystrokes made during the session. It is invisible to all users except the one who installed the program. The logged keystrokes can be stored in a previously created directory and are therefore not easy to find. Those log files can be sent to a specified email address. There is an option to generate an autorun entry so that the program starts any time the computer is started. It comes as an evaluation copy for seven days; after this period users have to purchase a license.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Keylogger Lite".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Keylogger Lite.lnk".
  • The file at "<$PROGRAMFILES>\Keylogger Lite\KLite.exe".
  • The file at "<$PROGRAMFILES>\Keylogger Lite\kls.dll".
  • The file at "<$PROGRAMFILES>\Keylogger Lite\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If KeyloggerLite uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Keylogger Lite".
  • The directory at "<$PROGRAMS>\Keylogger Lite".

Make sure you set your file manager to display hidden and system files. If KeyloggerLite uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.HighliteApp

The following instructions have been created to help you to get rid of "Ad.HighliteApp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.HighliteApp is adware that creates a program files directory and starts a system service.

Links (be careful!):

: ttp://ww2.highliteapp.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\HighliteApp\hlapp.dll".
  • The file at "<$PROGRAMFILES>\HighliteApp\hlupdate.exe".
  • The file at "<$PROGRAMFILES>\HighliteApp\icon.ico".
  • The file at "<$PROGRAMFILES>\HighliteApp\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.HighliteApp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\HighliteApp".

Make sure you set your file manager to display hidden and system files. If Ad.HighliteApp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "HighliteApp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.HighliteApp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.lhu

The following instructions have been created to help you to get rid of "Win32.Agent.lhu" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.lhu creates files and folders in the program files directory.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "VnrPack" and pointing to "<$PROGRAMFILES>\VnrPack\VnrPack??.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\VnrPack\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.lhu uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\VnrPack".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.lhu uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "VnrPack" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "VnrPack" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".

If Win32.Agent.lhu uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.iQiyi

The following instructions have been created to help you to get rid of "PU.iQiyi" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.iQiyi is a media player application of Chinese origin that contains the ‘Baidu.Hao123’ adware application. PU.iQiyi is often installed without any user consent. This signature detects the adware component.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\iQiyi\hao123.exe".

Make sure you set your file manager to display hidden and system files. If PU.iQiyi uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0180E49C-13BF-46DB-9AFD-9F52292E1C22}" at "HKEY_CLASSES_ROOT\CLSID\".

If PU.iQiyi uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for AdvancedTracksCleaner

The following instructions have been created to help you to get rid of "AdvancedTracksCleaner" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

AdvancedTracksCleaner cleans tracks of several programs. It comes as an evaluation copy for seven days; after this period users have to purchase a license.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Advanced Tracks Cleaner".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Advanced Tracks Cleaner.lnk".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Advanced Tracks Cleaner.chm".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Advanced Tracks Cleaner.exe".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Uninstall.exe".
  • The file at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Visit the Official Advanced Tracks Cleaner Website.url".

Make sure you set your file manager to display hidden and system files. If AdvancedTracksCleaner uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Advanced Tracks Cleaner\Data".
  • The directory at "<$PROGRAMFILES>\Advanced Tracks Cleaner".
  • The directory at "<$PROGRAMS>\Advanced Tracks Cleaner".

Make sure you set your file manager to display hidden and system files. If AdvancedTracksCleaner uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Kozaka

The following instructions have been created to help you to get rid of "Ad.Kozaka" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Kozaka is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://kozaka.net/Privacy

Links (be careful!):

: ttp://kozaka.net
: ttp://www.kozaka.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{ce2cc6b9-0133-4405-9775-8944501dc17c}.xpi".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\Kozaka.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\KozakaBA.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\KozakaBAApp.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\KozakaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.BRT.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\plugins\Kozaka.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\bin\utilKozaka.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozaka.Common.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozaka.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozaka.ico".
  • The file at "<$PROGRAMFILES>\Kozaka\KozakaBHO.dll".
  • The file at "<$PROGRAMFILES>\Kozaka\Kozakauninstall.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\mciekghplkkgcmofonmkmlomhkamochd.crx".
  • The file at "<$PROGRAMFILES>\Kozaka\updateKozaka.exe".
  • The file at "<$PROGRAMFILES>\Kozaka\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Kozaka uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Kozaka\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Kozaka\bin".
  • The directory at "<$PROGRAMFILES>\Kozaka".

Make sure you set your file manager to display hidden and system files. If Ad.Kozaka uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{7357A44B-D09F-40DA-9B0B-639C741A471D}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{a45e3fa8-5048-4372-94ad-c6661671f7fc}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{C5C68B66-D3BF-4EF2-9AAD-8C15B10039FF}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "Kozaka" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Kozaka" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Kozaka" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Kozaka" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Kozaka" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Kozaka\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Kozaka\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Kozaka\".

If Ad.Kozaka uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.dqec

The following instructions have been created to help you to get rid of "Win32.Agent.dqec" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • downloader

Description:

Win32.Agent.dqec installs other files and creates an autorun entry "eystouchs". It connects to remote servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "eystouchs" and pointing to "<$PROGRAMFILES>\eystouchs\eystouchs.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\eystouchs\eystouchs.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.dqec uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\eystouchs".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.dqec uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "eystouchs" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If Win32.Agent.dqec uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.FocusBase

The following instructions have been created to help you to get rid of "Ad.FocusBase" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.FocusBase is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BOAS.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbase.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbaseBA.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbaseBAApp.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\focusbaseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BOAS.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.Bromon.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BroStats.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.BRT.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\plugins\focusbase.Repmon.dll".
  • The file at "<$PROGRAMFILES>\focusbase\bin\utilfocusbase.exe".
  • The file at "<$PROGRAMFILES>\focusbase\focusbase.Common.dll".
  • The file at "<$PROGRAMFILES>\focusbase\focusbase.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\focusbase\focusbase.ico".
  • The file at "<$PROGRAMFILES>\focusbase\focusbaseBHO.dll".
  • The file at "<$PROGRAMFILES>\focusbase\focusbaseuninstall.exe".
  • The file at "<$PROGRAMFILES>\focusbase\updatefocusbase.exe".
  • The file at "<$PROGRAMFILES>\focusbase\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.FocusBase uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALSETTINGS>\Temp\focusbase".
  • The directory at "<$PROGRAMFILES>\focusbase\bin\plugins".
  • The directory at "<$PROGRAMFILES>\focusbase\bin".
  • The directory at "<$PROGRAMFILES>\focusbase".

Make sure you set your file manager to display hidden and system files. If Ad.FocusBase uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "focusbase" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "focusbase" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update focusbase" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update focusbase" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update focusbase" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.FocusBase uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.EnhanceTronic

The following instructions have been created to help you to get rid of "Ad.EnhanceTronic" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.EnhanceTronic is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BOAS.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronic.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronicBA.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronicBAApp.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\EnhanceTronicBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BOAS.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.Bromon.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BroStats.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.BRT.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins\EnhanceTronic.Repmon.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\bin\utilEnhanceTronic.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronic.Common.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronic.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronic.ico".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronicBHO.dll".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\EnhanceTronicuninstall.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\updateEnhanceTronic.exe".
  • The file at "<$PROGRAMFILES>\EnhanceTronic\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.EnhanceTronic uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\EnhanceTronic\bin\plugins".
  • The directory at "<$PROGRAMFILES>\EnhanceTronic\bin".
  • The directory at "<$PROGRAMFILES>\EnhanceTronic".

Make sure you set your file manager to display hidden and system files. If Ad.EnhanceTronic uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0D9F11B5-1DC9-4F4A-9E4F-585A8A3F2108}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{EFC954FA-C553-4A4E-AF48-C5CAC214D76D}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{f530d5e8-9d18-4cba-b7cc-95944f9ebe3d}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f530d5e8-9d18-4cba-b7cc-95944f9ebe3d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "EnhanceTronic" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "EnhanceTronic" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update EnhanceTronic" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update EnhanceTronic" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update EnhanceTronic" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.EnhanceTronic uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.IESuper

The following instructions have been created to help you to get rid of "Ad.IESuper" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.IESuper installs a Browser Helper Object (BHO) called IESuper and changes the Internet Explorer startpage to www.d91.com.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "IESuper".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\IESuper\ies_uni.exe".
  • The file at "<$PROGRAMFILES>\IESuper\iesuper.dll".

Make sure you set your file manager to display hidden and system files. If Ad.IESuper uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\IESuper".

Make sure you set your file manager to display hidden and system files. If Ad.IESuper uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "IESuper.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IESuper.Obj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IESuperHelper.Obj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "IESuperHelper.Obj", plus associated values.
  • Delete the registry key "{1A49F431-2A2E-41a5-9080-0F41D1A3AEC1}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{1A49F431-2A2E-41a5-9080-0F41D1A3AEC2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "IESuper" at "HKEY_CURRENT_USER\Software\".

If Ad.IESuper uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "www.d91.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Fralimbo

The following instructions have been created to help you to get rid of "Ad.Fralimbo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Fralimbo is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://fralimbo.net/Privacy

Links (be careful!):

: ttp://fralimbo.net
: ttp://www.fralimbo.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{19831108-de35-4c98-b883-7bb790bfc59c}.xpi".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\Fralimbo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\FralimboBA.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\FralimboBAApp.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\FralimboBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.BRT.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\plugins\Fralimbo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\bin\utilFralimbo.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbo.Common.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbo.ico".
  • The file at "<$PROGRAMFILES>\Fralimbo\FralimboBHO.7z".
  • The file at "<$PROGRAMFILES>\Fralimbo\FralimboBHO.dll".
  • The file at "<$PROGRAMFILES>\Fralimbo\FralimboFR.7z".
  • The file at "<$PROGRAMFILES>\Fralimbo\Fralimbouninstall.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\olmdfmecacbhbdgealggamhlglfmjbpa.crx".
  • The file at "<$PROGRAMFILES>\Fralimbo\updateFralimbo.exe".
  • The file at "<$PROGRAMFILES>\Fralimbo\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Fralimbo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Fralimbo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Fralimbo\bin".
  • The directory at "<$PROGRAMFILES>\Fralimbo".

Make sure you set your file manager to display hidden and system files. If Ad.Fralimbo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1323DFD6-9FA2-4703-B5F5-D12060B96091}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{5dbf8f55-71ed-4e0e-8e34-7a5ef1183176}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5dbf8f55-71ed-4e0e-8e34-7a5ef1183176}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{D3DEA360-C8E3-410C-A7B8-C72CDB38B406}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "Fralimbo" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Fralimbo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Fralimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Fralimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Fralimbo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Fralimbo\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Fralimbo\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Fralimbo\".

If Ad.Fralimbo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.DiVapton

The following instructions have been created to help you to get rid of "Ad.DiVapton" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.DiVapton is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://divapton.biz/Privacy

Links (be careful!):

: ttp://divapton.biz
: ttp://www.divapton.biz

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\DiVapton_sm.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BOAS.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVapton.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVaptonBA.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVaptonBAApp.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\DiVaptonBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BOAS.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.Bromon.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BroStats.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.BRT.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\plugins\DiVapton.Repmon.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\bin\utilDiVapton.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\cmfpfjjciophcbhnhnpbadhmdmfgceic.crx".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVapton.Common.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVapton.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVapton.ico".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVaptonBHO.dll".
  • The file at "<$PROGRAMFILES>\DiVapton\DiVaptonuninstall.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\updateDiVapton.exe".
  • The file at "<$PROGRAMFILES>\DiVapton\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.DiVapton uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\cmfpfjjciophcbhnhnpbadhmdmfgceic\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\cmfpfjjciophcbhnhnpbadhmdmfgceic".
  • The directory at "<$PROGRAMFILES>\DiVapton\bin\plugins".
  • The directory at "<$PROGRAMFILES>\DiVapton\bin".
  • The directory at "<$PROGRAMFILES>\DiVapton".

Make sure you set your file manager to display hidden and system files. If Ad.DiVapton uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{3bf42771-1b8a-4910-b3dc-eb330e40020a}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3bf42771-1b8a-4910-b3dc-eb330e40020a}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{B072746D-AA37-4B49-AFC1-E26138B6C312}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{E184607D-362B-4814-86BC-095EC2A9404D}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "DiVapton" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "DiVapton" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update DiVapton" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update DiVapton" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update DiVapton" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\DiVapton\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\DiVapton\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\DiVapton\".

If Ad.DiVapton uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Fix for recent Spybot update error (updated 19th Sept 2016)

Some users have reported that they are unable to download the most recent updates for Spybot. Instructions to fix this issue can be found below.

A list of more common updating issues can be found here.

Download and install our new updater:

Our technicians have created a new Updater Installer file that will stop the existing Update Service and replace it with a new one.

You can download it from here, or using the link below:

https://download.spybot.info/Spybot2/special-purpose-test-versions/sd2-4022-updater-error-2005/spybotsd2-updater-update-trac4022-v3.exe

If this does not work for you then please try downloading the new updater from here:

https://download.spybot.info/Spybot2/special-purpose-test-versions/sd2-4022-updater-error-2005/spybotsd2-updater-update-trac4022-attempt1.exe

Please run the installer by right-clicking the file and choosing the option to “Run as administrator”.

Once you have run the installer, it should close automatically.

A new window should then open displaying the “AV Update Issue Tester Tool”.

You can then try to update Spybot again.

  • Open Spybot by right-clicking the Spybot icon and clicking “Run as Administrator”.
  • Tick the checkbox next to “Advanced User Mode”, if this is unticked.
  • Click on “Update”.
  • In the update window that appears, click “Update” to install the latest updates.

We apologise for the inconvenience, and we thank you for your patience in resolving this issue.

If you are still experiencing issues with updates, please take a screenshot of this window and attach it to an email to our support team.

See the following links for more information on how to take a screenshot:

http://www.take-a-screenshot.org
http://windows.microsoft.com/en-ie/windows/use-snipping-tool-capture-screen-shots#1TC=windows-8

This will allow us to better understand the issue that is causing the update failure, which will enable us to come up with a permanent solution if the initial fix does not solve the issue.

Manual Removal Guide for Win32.BHO.ctvh

The following instructions have been created to help you to get rid of "Win32.BHO.ctvh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.BHO.ctvh installs a Browser Helper Object (BHO) and connects to Korean servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "ieshowguide" and pointing to "<$PROGRAMFILES>\ieshowguide\*.exe".
  • Entries named "linkpop" and pointing to "<$PROGRAMFILES>\linkpop\*.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "ieshowguide uninstall".
  • Products that have a key or property named "linkpop uninstall".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\ieshowguide\ieshowguide.dll".
  • The file at "<$PROGRAMFILES>\ieshowguide\ieshowguideup.exe".
  • The file at "<$PROGRAMFILES>\ieshowguide\uninstall.exe".
  • The file at "<$PROGRAMFILES>\linkpop\linkpop.dll".
  • The file at "<$PROGRAMFILES>\linkpop\linkpop_update.exe".
  • The file at "<$PROGRAMFILES>\linkpop\linkpopDlg.exe".
  • The file at "<$PROGRAMFILES>\linkpop\MouseHook.dll".
  • The file at "<$PROGRAMFILES>\linkpop\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.ctvh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\ieshowguide".
  • The directory at "<$PROGRAMFILES>\linkpop".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.ctvh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "ieshowguide.ieshowguideObj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "ieshowguide.ieshowguideObj", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "linkpop.linkpopBHO.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "linkpop.linkpopBHO", plus associated values.
  • Delete the registry key "{0253CAF5-18CE-47D3-8980-A093DFFD3E32}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{063B5977-0BF0-425D-B8A5-124B96A71667}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{063B5977-0BF0-425D-B8A5-124B96A71667}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{57D653C4-7BC3-4F23-AA2E-350B7E168291}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{721A027C-67F3-4C79-B693-20209D5C79D4}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{7B3E25EF-0144-4CB4-AE9E-39D92239E71D}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{7D6D0E86-66B2-45CA-B1D1-04E2514ED8F7}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{7D6D0E86-66B2-45CA-B1D1-04E2514ED8F7}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A2F87012-07BB-434A-BF58-F0DA260EABF8}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "{D1A31BA4-D701-4A5B-997B-D7F786B98541}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{D1A31BA4-D701-4A5B-997B-D7F786B98541}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "ieshowguide.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "linkpop.DLL" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "linkpop" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If Win32.BHO.ctvh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PersonalPCSpy

The following instructions have been created to help you to get rid of "PersonalPCSpy" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • keylogger

Description:

This application records all keystrokes made during the session. It is invisible to all users except the one who installed the program. The logged keystrokes can be stored in a previously created directory and are therefore not easy to find. Those log files can be sent to a specified email address. There is an option to generate an autorun entry so that the program starts any time the computer is started.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Personal PC Spy".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Personal PC Spy.lnk".
  • The file at "<$PROGRAMFILES>\C4EF7\LICENSE.TXT".
  • The file at "<$PROGRAMFILES>\C4EF7\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PersonalPCSpy uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\C4EF7".
  • The directory at "<$PROGRAMS>\Personal PC Spy".

Make sure you set your file manager to display hidden and system files. If PersonalPCSpy uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Kad.barocn

The following instructions have been created to help you to get rid of "Kad.barocn" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Kad.barocn installs the Korean ‘barocn’ adware application.

Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "appcon" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "dailycon" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "nctrolsec" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "padaily" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "pendon" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "updatime" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "wepbob" at "HKEY_CURRENT_USER\Software\".

If Kad.barocn uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebLayers

The following instructions have been created to help you to get rid of "Ad.WebLayers" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.WebLayers is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://weblayers.co/Privacy
Links (be careful!):
  • ttp://weblayers.co
  • ttp://www.weblayers.co
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.BRT.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\plugins\WebLayers.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\utilWebLayers.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayers.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayersBA.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayersBAApp.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\bin\WebLayersBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\GCClient.crx".
  • The file at "<$PROGRAMFILES>\Web Layers\ghdomkkcnldpmfcefiaaahchgoinofkb.crx".
  • The file at "<$PROGRAMFILES>\Web Layers\opc.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\updater.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\updateWebLayers.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayers.Common.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayers.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayers.ico".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersBHO.dll".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersOPC.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersozr.exe".
  • The file at "<$PROGRAMFILES>\Web Layers\WebLayersuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.WebLayers uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ghdomkkcnldpmfcefiaaahchgoinofkb".
  • The directory at "<$PROGRAMFILES>\Web Layers\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Web Layers\bin".
  • The directory at "<$PROGRAMFILES>\Web Layers".
Make sure you set your file manager to display hidden and system files. If Ad.WebLayers uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{392E0193-4BB3-4F94-9ACA-414B7803E687}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{976d7863-9e6c-4066-8c67-0993db9de35f}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{976d7863-9e6c-4066-8c67-0993db9de35f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A3F7FF24-4FDE-43AA-989E-554404B37313}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "Update Web Layers" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Web Layers" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Web Layers" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry key "Web Layers" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Web Layers" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
If Ad.WebLayers uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.BHO.cxpt

The following instructions have been created to help you to get rid of "Win32.BHO.cxpt" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.BHO.cxpt installs a Browser Helper Object (BHO) called NetSolutionObj and connects to Korean servers in the background.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "netsolution" and pointing to "<$PROGRAMFILES>\netsolution\netsolutionup.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "netsolution uninstall".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\netsolution\netsolution.dll".
  • The file at "<$PROGRAMFILES>\netsolution\netsolutionup.exe".
  • The file at "<$PROGRAMFILES>\netsolution\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.cxpt uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\netsolution".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.cxpt uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "NetSolution.NetSolutionObj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "NetSolution.NetSolutionObj", plus associated values.
  • Delete the registry key "{5BCF99F6-DB8D-42ED-9D2B-C65E95B21625}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5BCF99F6-DB8D-42ED-9D2B-C65E95B21625}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{B8D31E96-0612-4621-9FB4-3692A0418475}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{C85AA9A8-2ADB-4914-8CC4-F8495C41540F}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{C9A3004C-54D7-409C-A5FC-22619592BF6C}" at "HKEY_CLASSES_ROOT\AppID\".
  • Delete the registry key "NetSolution.DLL" at "HKEY_CLASSES_ROOT\AppID\".

If Win32.BHO.cxpt uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.Pccapplus

The following instructions have been created to help you to get rid of "PU.Pccapplus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.Pccapplus creates a directory in the Program Files folder and an autorun entry named "pccap" so that it runs on system startup. It connects to Korean servers.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "pccap" and pointing to "<$PROGRAMFILES>\Pccapplus\Pccap.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Pccapplus\Pccap.exe".
  • The file at "<$PROGRAMFILES>\Pccapplus\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PU.Pccapplus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Pccapplus".

Make sure you set your file manager to display hidden and system files. If PU.Pccapplus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "pccap uninstall" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If PU.Pccapplus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RankRomp

The following instructions have been created to help you to get rid of "Ad.RankRomp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RankRomp is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BOAS.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.Bromon.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BroStats.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.BRT.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\plugins\rankromp.Repmon.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BOAS.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankromp.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankrompBA.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankrompBAApp.dll".
  • The file at "<$PROGRAMFILES>\rankromp\bin\rankrompBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\rankromp\bin\utilrankromp.exe".
  • The file at "<$PROGRAMFILES>\rankromp\rankromp.Common.dll".
  • The file at "<$PROGRAMFILES>\rankromp\rankromp.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\rankromp\rankromp.ico".
  • The file at "<$PROGRAMFILES>\rankromp\rankrompBHO.dll".
  • The file at "<$PROGRAMFILES>\rankromp\rankrompuninstall.exe".
  • The file at "<$PROGRAMFILES>\rankromp\updater.exe".
  • The file at "<$PROGRAMFILES>\rankromp\updaterankromp.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RankRomp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\rankromp\bin\plugins".
  • The directory at "<$PROGRAMFILES>\rankromp\bin".
  • The directory at "<$PROGRAMFILES>\rankromp".

Make sure you set your file manager to display hidden and system files. If Ad.RankRomp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "rankromp" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "rankromp" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update rankromp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update rankromp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update rankromp" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.RankRomp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RambleRoam

The following instructions have been created to help you to get rid of "Ad.RambleRoam" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RambleRoam is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BOAS.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.Bromon.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BroStats.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.BRT.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\plugins\RambleRoam.Repmon.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BOAS.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoam.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoamBA.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoamBAApp.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\RambleRoamBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\bin\utilRambleRoam.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoam.Common.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoam.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoam.ico".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoamBHO.dll".
  • The file at "<$PROGRAMFILES>\RambleRoam\RambleRoamuninstall.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\updater.exe".
  • The file at "<$PROGRAMFILES>\RambleRoam\updateRambleRoam.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RambleRoam uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\RambleRoam\bin\plugins".
  • The directory at "<$PROGRAMFILES>\RambleRoam\bin".
  • The directory at "<$PROGRAMFILES>\RambleRoam".

Make sure you set your file manager to display hidden and system files. If Ad.RambleRoam uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "RambleRoam" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "RambleRoam" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update RambleRoam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update RambleRoam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update RambleRoam" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.RambleRoam uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.FakeAV

The following instructions have been created to help you to get rid of "Win32.FakeAV" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • malware

Description:

Win32.FakeAV claims to be an antimalware tool. Once installed on the computer, it reports many harmless entries as problems in order to frighten the user into buying a license to get the issues fixed.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\isecurity.exe".
  • The file at "<$COMMONDESKTOP>\Internet Security.lnk".

Make sure you set your file manager to display hidden and system files. If Win32.FakeAV uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.NetTock

The following instructions have been created to help you to get rid of "Ad.NetTock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.NetTock is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.nettock.com/Privacy

Links (be careful!):

  • ttp://nettock.com/
  • ttp://www.nettock.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{0bd9bacb-0a2d-4412-900e-b2473afd87b4}.xpi".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BOAS.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTock.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTockBA.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTockBAApp.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\NetTockBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BOAS.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.Bromon.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BroStats.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.BRT.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\plugins\NetTock.Repmon.dll".
  • The file at "<$PROGRAMFILES>\NetTock\bin\utilNetTock.exe".
  • The file at "<$PROGRAMFILES>\NetTock\NetTock.Common.dll".
  • The file at "<$PROGRAMFILES>\NetTock\NetTock.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\NetTock\NetTock.ico".
  • The file at "<$PROGRAMFILES>\NetTock\NetTockBHO.dll".
  • The file at "<$PROGRAMFILES>\NetTock\NetTockun.exe".
  • The file at "<$PROGRAMFILES>\NetTock\NetTockuninstall.exe".
  • The file at "<$PROGRAMFILES>\NetTock\updateNetTock.exe".
  • The file at "<$PROGRAMFILES>\NetTock\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.NetTock uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\NetTock\bin\plugins".
  • The directory at "<$PROGRAMFILES>\NetTock\bin".
  • The directory at "<$PROGRAMFILES>\NetTock".

Make sure you set your file manager to display hidden and system files. If Ad.NetTock uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0909C19E-BD9D-44C1-AAC5-72884EAF0AD3}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{3cfaf932-a9cb-4e59-99a0-fe04e9df9328}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3cfaf932-a9cb-4e59-99a0-fe04e9df9328}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{BB54C027-0FB6-42DA-97F1-52CE16826ACB}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "NetTock" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "NetTock" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update NetTock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update NetTock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update NetTock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\NetTock\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\NetTock\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\NetTock\".

If Ad.NetTock uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Lamilov

The following instructions have been created to help you to get rid of "Ad.Lamilov" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Lamilov is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://lamilov.info/Privacy

Links (be careful!):

: ttp://lamilov.info
: ttp://www.lamilov.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{b69c858d-e83a-4e53-8894-037cf1ba2c41}.xpi".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BOAS.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilov.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilovBA.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilovBAApp.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\lamilovBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BOAS.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.Bromon.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BroStats.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.BRT.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\plugins\lamilov.Repmon.dll".
  • The file at "<$PROGRAMFILES>\lamilov\bin\utillamilov.exe".
  • The file at "<$PROGRAMFILES>\lamilov\lamilov.Common.dll".
  • The file at "<$PROGRAMFILES>\lamilov\lamilov.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\lamilov\lamilov.ico".
  • The file at "<$PROGRAMFILES>\lamilov\lamilovBHO.dll".
  • The file at "<$PROGRAMFILES>\lamilov\lamilovuninstall.exe".
  • The file at "<$PROGRAMFILES>\lamilov\ldgjcacgdjjknibkhhhnkoamogikbjan.crx".
  • The file at "<$PROGRAMFILES>\lamilov\updatelamilov.exe".
  • The file at "<$PROGRAMFILES>\lamilov\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Lamilov uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ldgjcacgdjjknibkhhhnkoamogikbjan\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ldgjcacgdjjknibkhhhnkoamogikbjan".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\ldgjcacgdjjknibkhhhnkoamogikbjan".
  • The directory at "<$PROGRAMFILES>\lamilov\bin\plugins".
  • The directory at "<$PROGRAMFILES>\lamilov\bin".
  • The directory at "<$PROGRAMFILES>\lamilov".

Make sure you set your file manager to display hidden and system files. If Ad.Lamilov uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{379ba324-2d91-4616-8f29-482ab76be407}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{379ba324-2d91-4616-8f29-482ab76be407}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{BD0FECD1-5A09-4426-B78A-412AAE15DE15}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{DA322702-4D2A-4286-B90F-0F235ED4DBD2}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "lamilov" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "lamilov" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update lamilov" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update lamilov" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update lamilov" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\lamilov\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\lamilov\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\lamilov\".

If Ad.Lamilov uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.StartPage

The following instructions have been created to help you to get rid of "Win32.StartPage" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • malware

Description:

Win32.StartPage drops a file into the AppData folder and creates an autorun entry for it. Once run, it changes registry settings and the start pages of Internet Explorer and Mozilla Firefox.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "index.reg".

Make sure you set your file manager to display hidden and system files. If Win32.StartPage uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Remove "http://www.uzzf.com/?p" from registry value "Start Page" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\".
  • Remove "http://www.xueshangwang.com/?ie" from registry value "Start Page" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\".

If Win32.StartPage uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "http://www.uzzf.com".
  • Please check your bookmarks for links to "http://www.xueshangwang.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SolteraTop

The following instructions have been created to help you to get rid of "Ad.SolteraTop" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SolteraTop is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://solteratop.info/Download

Links (be careful!):

: ttp://solteratop.info
: ttp://www.solteratop.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{49148009-4e93-47dc-bbfb-b74de0a7fd19}.xpi".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BOAS.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.Bromon.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BroStats.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.BRT.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\plugins\solteratop.Repmon.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BOAS.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratop.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratopBA.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratopBAApp.dll".
  • The file at "<$PROGRAMFILES>\solteratop\bin\solteratopBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\solteratop\bin\utilsolteratop.exe".
  • The file at "<$PROGRAMFILES>\solteratop\jlmgdgegcicamjncelohnaebbmkaccel.crx".
  • The file at "<$PROGRAMFILES>\solteratop\solteratop.Common.dll".
  • The file at "<$PROGRAMFILES>\solteratop\solteratop.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\solteratop\solteratop.ico".
  • The file at "<$PROGRAMFILES>\solteratop\solteratopBHO.dll".
  • The file at "<$PROGRAMFILES>\solteratop\solteratopuninstall.exe".
  • The file at "<$PROGRAMFILES>\solteratop\updater.exe".
  • The file at "<$PROGRAMFILES>\solteratop\updatesolteratop.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SolteraTop uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jlmgdgegcicamjncelohnaebbmkaccel\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jlmgdgegcicamjncelohnaebbmkaccel".
  • The directory at "<$PROGRAMFILES>\solteratop\bin\plugins".
  • The directory at "<$PROGRAMFILES>\solteratop\bin".
  • The directory at "<$PROGRAMFILES>\solteratop".

Make sure you set your file manager to display hidden and system files. If Ad.SolteraTop uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{35A3F0CD-C16E-491C-84C2-F5B1D86C429B}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{5aad43b7-8f9d-4d7b-a01e-c9c24ab250ae}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5aad43b7-8f9d-4d7b-a01e-c9c24ab250ae}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{70250009-1A09-4333-8764-4F81F3124057}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "solteratop" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "solteratop" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update solteratop" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update solteratop" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update solteratop" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\solteratop\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\solteratop\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\solteratop\".

If Ad.SolteraTop uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RockTurner

The following instructions have been created to help you to get rid of "Ad.RockTurner" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RockTurner is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.BRT.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\plugins\RockTurner.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurner.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurnerBA.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurnerBAApp.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\RockTurnerBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\utilRockTurner.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurner.Common.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurner.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurner.ico".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurnerBHO.dll".
  • The file at "<$PROGRAMFILES>\Rock Turner\RockTurneruninstall.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\updater.exe".
  • The file at "<$PROGRAMFILES>\Rock Turner\updateRockTurner.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RockTurner uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Rock Turner\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Rock Turner\bin".
  • The directory at "<$PROGRAMFILES>\RockTurner".

Make sure you set your file manager to display hidden and system files. If Ad.RockTurner uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "RockTurner" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "RockTurner" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update RockTurner" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update RockTurner" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update RockTurner" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.RockTurner uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BatBrowse

The following instructions have been created to help you to get rid of "Ad.BatBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BatBrowse is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://batbrowse.com/Privacy

Links (be careful!):

: ttp://batbrowse.com
: ttp://www.batbrowse.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@batbrowse.com.xpi".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowse.Common.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowse.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowse.ico".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowseBHO.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\BatBrowseuninstall.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowse.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowseBA.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowseBAApp.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\BatBrowseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.BRT.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\plugins\BatBrowse.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BatBrowse\bin\utilBatBrowse.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\ccncljhbalbbkkfgopogabimepmfkmff.crx".
  • The file at "<$PROGRAMFILES>\BatBrowse\updateBatBrowse.exe".
  • The file at "<$PROGRAMFILES>\BatBrowse\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BatBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ccncljhbalbbkkfgopogabimepmfkmff\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ccncljhbalbbkkfgopogabimepmfkmff".
  • The directory at "<$PROGRAMFILES>\BatBrowse\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BatBrowse\bin".
  • The directory at "<$PROGRAMFILES>\BatBrowse".

Make sure you set your file manager to display hidden and system files. If Ad.BatBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{76c598c9-f0f8-494f-a507-ae041f69a58c}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{76c598c9-f0f8-494f-a507-ae041f69a58c}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A9FA5AF2-AB24-482F-94E7-59BBAADCB878}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{DA81E6DC-0C3A-48C4-B9CD-9BB68753C95F}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "BatBrowse" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BatBrowse" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BatBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BatBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BatBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BatBrowse\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BatBrowse\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BatBrowse\".

If Ad.BatBrowse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SwizzleBiz

The following instructions have been created to help you to get rid of "Ad.SwizzleBiz" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SwizzleBiz is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://swizzlebiz.biz/Privacy

Links (be careful!):

: ttp://swizzlebiz.biz/
: ttp://www.swizzlebiz.biz/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{49e51043-d75a-40d9-8746-5be1e5685c73}.xpi".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.BRT.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins\SwizzleBiz.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBiz.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBizBA.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBizBAApp.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\SwizzleBizBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\utilSwizzleBiz.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBiz.Common.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBiz.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBiz.ico".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBizBHO.dll".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\SwizzleBizuninstall.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\updater.exe".
  • The file at "<$PROGRAMFILES>\SwizzleBiz\updateSwizzleBiz.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SwizzleBiz uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SwizzleBiz\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SwizzleBiz\bin".
  • The directory at "<$PROGRAMFILES>\SwizzleBiz".

Make sure you set your file manager to display hidden and system files. If Ad.SwizzleBiz uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{17EE4DB7-FB6D-4F57-92E9-D741ECC2C887}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{3398193f-64ac-4438-a9f9-b0aff74b90a8}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3398193f-64ac-4438-a9f9-b0aff74b90a8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{89ACE2A5-E818-4A9E-9863-711C977FC4BC}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "SwizzleBiz" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "SwizzleBiz" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SwizzleBiz" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update SwizzleBiz" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update SwizzleBiz" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\SwizzleBiz\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\SwizzleBiz\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\SwizzleBiz\".

If Ad.SwizzleBiz uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Strictor

The following instructions have been created to help you to get rid of "Ad.Strictor" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware

Description:

Ad.Strictor offers adware-bundled installers that drop adware and possibly unwanted programs during execution.

Removal Instructions:

Autorun:

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\photo.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Strictor uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "9e16c401f72f35f8d08e45d698def37c" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry value "<$LOCALSETTINGS>\Temp\photo.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
  • Delete the registry value "<$LOCALSETTINGS>\Temp\photo.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
  • Delete the registry value "<$LOCALSETTINGS>\Temp\photo.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".

If Ad.Strictor uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.LookingLink

The following instructions have been created to help you to get rid of "Ad.LookingLink" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.LookingLink is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://lookinglink.info/Privacy

Links (be careful!):

: ttp://lookinglink.info
: ttp://www.lookinglink.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{7f6d153f-9819-4c98-96fb-5c6aa213f0ea}.xpi".
  • The file at "<$PROGRAMFILES>\lookinglink\alakbkblgilodacnlnmcoiofdjakliih.crx".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BOAS.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglink.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglinkBA.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglinkBAApp.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\lookinglinkBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BOAS.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.Bromon.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BroStats.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.BRT.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\plugins\lookinglink.Repmon.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\utillookinglink.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\XTLS.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglink.Common.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglink.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglink.ico".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglinkBHO.dll".
  • The file at "<$PROGRAMFILES>\lookinglink\lookinglinkuninstall.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\updatelookinglink.exe".
  • The file at "<$PROGRAMFILES>\lookinglink\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.LookingLink uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\alakbkblgilodacnlnmcoiofdjakliih\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\alakbkblgilodacnlnmcoiofdjakliih".
  • The directory at "<$PROGRAMFILES>\lookinglink\bin\plugins".
  • The directory at "<$PROGRAMFILES>\lookinglink\bin".
  • The directory at "<$PROGRAMFILES>\lookinglink".

Make sure you set your file manager to display hidden and system files. If Ad.LookingLink uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{17513F18-4EB9-49B5-881C-465A2688C87F}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{84dfb3ca-9212-4fba-bf3a-a66c4a02a48f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{EB317E41-9AA7-487A-8060-B81657E8D68A}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "lookinglink" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "lookinglink" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update lookinglink" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update lookinglink" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update lookinglink" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\lookinglink\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\lookinglink\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\lookinglink\".

If Ad.LookingLink uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.GameClubLauncher

The following instructions have been created to help you to get rid of "PU.GameClubLauncher" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • pups

Description:

PU.GameClubLauncher creates files within a Program Files folder and several links on the user's desktop.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$DESKTOP>\Gameclub Philippines.url".
  • The file at "<$DESKTOP>\Mini Gameclub.url".
  • The file at "<$DESKTOP>\Texas Jackpot Poker.url".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Gameclub.ico".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Global.cki".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\MiniGameclub.ico".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Reviser.exe".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Script.mgs".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Starter.cfg".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\Starter.exe".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\TexasJackpotPoker.ico".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\uninst.exe".
  • The file at "<$PROGRAMFILES>\GameClub Launcher\PH\VersionInfo.dat".

Make sure you set your file manager to display hidden and system files. If PU.GameClubLauncher uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0000".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0001".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0002".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH\0004".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher\PH".
  • The directory at "<$PROGRAMFILES>\GameClub Launcher".

Make sure you set your file manager to display hidden and system files. If PU.GameClubLauncher uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{BBD9FAD7-F782-4548-B00F-E612322950F6}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "MYGAME" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If PU.GameClubLauncher uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ZDigHouse

The following instructions have been created to help you to get rid of "Ad.ZDigHouse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ZDigHouse installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\lnfjoafpdkcphoedkmhbpodcgbndkmpc\lnfjoafpdkcphoedkmhbpodcgbndkmpc.crx".

Make sure you set your file manager to display hidden and system files. If Ad.ZDigHouse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONAPPDATA>\lnfjoafpdkcphoedkmhbpodcgbndkmpc".
  • The directory at "<$COMMONAPPDATA>\Z Digital House".
  • The directory at "<$PROGRAMFILES>\Z Digital House".

Make sure you set your file manager to display hidden and system files. If Ad.ZDigHouse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{7B353DF3-83BB-AFDA-B10E-1018B627E55D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\".
  • Delete the registry key "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{F47E71D6-CDCF-8EA6-D676-E7935EE70D47}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{F47E71D6-CDCF-8EA6-D676-E7935EE70D47}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "House" at "HKEY_CLASSES_ROOT".
  • Delete the registry key "lnfjoafpdkcphoedkmhbpodcgbndkmpc" at "HKEY_LOCAL_MACHINE\SOFTWARE\Comodo\Dragon\Extensions\".
  • Delete the registry key "lnfjoafpdkcphoedkmhbpodcgbndkmpc" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome SxS\Extensions\".
  • Delete the registry key "lnfjoafpdkcphoedkmhbpodcgbndkmpc" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".

If Ad.ZDigHouse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.MegaSearch

The following instructions have been created to help you to get rid of "Ad.MegaSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.MegaSearch installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\ihhkipdhppgphaaknehadkmaahfmohko\ihhkipdhppgphaaknehadkmaahfmohko.crx".

Make sure you set your file manager to display hidden and system files. If Ad.MegaSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ihhkipdhppgphaaknehadkmaahfmohko".
  • The directory at "<$COMMONAPPDATA>\BeeMP3".
  • The directory at "<$COMMONAPPDATA>\ihhkipdhppgphaaknehadkmaahfmohko".
  • The directory at "<$PROGRAMFILES>\BeeMP3".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\browser\extensions\529f7867fc6e4@529f7867fc6e5.com".

Make sure you set your file manager to display hidden and system files. If Ad.MegaSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "BeeMP3.BeeMP3.4.0", plus associated values.
  • A key in HKEY_CLASSES_ROOT\ named "BeeMP3.BeeMP3", plus associated values.
  • Delete the registry key "{8A13C970-2955-3ED9-349D-44A476B07E51}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{8A13C970-2955-3ED9-349D-44A476B07E51}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{97D51208-27E3-4EC3-2611-BA4EB63219A1}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "{E2343056-CC08-46AC-B898-BFC7ACF4E755}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Comodo\Dragon\Extensions\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome SxS\Extensions\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
  • Delete the registry key "ihhkipdhppgphaaknehadkmaahfmohko" at "HKEY_LOCAL_MACHINE\SOFTWARE\Torch\Extensions\".

If Ad.MegaSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Swizzor.st

The following instructions have been created to help you to get rid of "Win32.Swizzor.st" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • trojan

Description:

Swizzor variant. Copies the Trojan file ‘mswinexe.exe’ into the system directory and redirects shell and userinit variables to it. This Swizzor variant operates with redirecting JS files.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$SYSDIR>\mswinexe.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Swizzor.st uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "DEADBOOBSUPPORT" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "seek one blue" at "HKEY_CURRENT_USER\Software\DEADBOOBSUPPORT\".
  • Delete the registry value "messcash" at "HKEY_CURRENT_USER\Software\DEADBOOBSUPPORT\".
  • Delete the registry value "WindowsExplorer" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\".
  • Remove "<regexpr> .<$SYSDIR>\\mswinexe\.exe." from registry value "Shell" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".
  • Remove "<regexpr>.<$SYSDIR>\\mswinexe\.exe.\," from registry value "Userinit" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".

If Win32.Swizzor.st uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.KeepSurf

The following instructions have been created to help you to get rid of "Ad.KeepSurf" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.KeepSurf installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONAPPDATA>\Surf! Ande kEep".
  • The directory at "<$PROGRAMFILES>\Surf! Ande kEep".

Make sure you set your file manager to display hidden and system files. If Ad.KeepSurf uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT\ named "keEp.Surf", plus associated values.
  • Delete the registry key "{98A32620-11A0-4221-2448-8257D88E0FDD}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{98A32620-11A0-4221-2448-8257D88E0FDD}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.KeepSurf uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Karatoh

The following instructions have been created to help you to get rid of "Ad.Karatoh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Karatoh is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.karatoh.com/Download

Links (be careful!):

: ttp://www.karatoh.com
: ttp://www.karatoh.com/Uninstall

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BOAS.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatoh.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatohBA.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatohBAApp.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\karatohBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BOAS.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.Bromon.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BroStats.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.BRT.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\plugins\karatoh.Repmon.dll".
  • The file at "<$PROGRAMFILES>\karatoh\bin\utilkaratoh.exe".
  • The file at "<$PROGRAMFILES>\karatoh\karatoh.Common.dll".
  • The file at "<$PROGRAMFILES>\karatoh\karatoh.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\karatoh\karatoh.ico".
  • The file at "<$PROGRAMFILES>\karatoh\karatohBHO.dll".
  • The file at "<$PROGRAMFILES>\karatoh\karatohuninstall.exe".
  • The file at "<$PROGRAMFILES>\karatoh\updatekaratoh.exe".
  • The file at "<$PROGRAMFILES>\karatoh\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Karatoh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\karatoh\bin\plugins".
  • The directory at "<$PROGRAMFILES>\karatoh\bin".
  • The directory at "<$PROGRAMFILES>\karatoh".

Make sure you set your file manager to display hidden and system files. If Ad.Karatoh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "karatoh" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "karatoh" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update karatoh" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update karatoh" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update karatoh" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.Karatoh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.JumpFlip

The following instructions have been created to help you to get rid of "Ad.JumpFlip" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.JumpFlip is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://jumpflip.net/Privacy

Links (be careful!):

: ttp://jumpflip.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlip.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlipBA.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlipBAApp.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\JumpFlipBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.BRT.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\plugins\JumpFlip.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\bin\utilJumpFlip.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlip.Common.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlip.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlip.ico".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlipBHO.dll".
  • The file at "<$PROGRAMFILES>\Jump Flip\JumpFlipuninstall.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\updateJumpFlip.exe".
  • The file at "<$PROGRAMFILES>\Jump Flip\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.JumpFlip uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\hphehadppenpmajgnkjdcopcfijjegaf\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\hphehadppenpmajgnkjdcopcfijjegaf".
  • The directory at "<$PROGRAMFILES>\Jump Flip\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Jump Flip\bin".
  • The directory at "<$PROGRAMFILES>\Jump Flip".

Make sure you set your file manager to display hidden and system files. If Ad.JumpFlip uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{08A93781-1BA0-4B59-87F6-2C80C8956E03}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{4318395F-DFF1-48AF-B5F0-958E93D16D56}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{50A084CA-17CF-48B8-9BCD-6D5CA2C3B60E}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{76BF10AB-CEAD-456F-9218-5F46B1683DB1}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{b630c560-975d-41a3-9a95-cbc23ad991e4}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{b630c560-975d-41a3-9a95-cbc23ad991e4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{F325945D-DAFE-4312-95D8-1913AEB1D810}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "JumpFlip" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "JumpFlip" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update JumpFlip" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update JumpFlip" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update JumpFlip" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".

If Ad.JumpFlip uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.CrankWeb

The following instructions have been created to help you to get rid of "Ad.CrankWeb" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.CrankWeb claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://crankweb.com/Privacy

Links (be careful!):

: ttp://crankweb.com/
: ttp://www.crankweb.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BOAS.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWeb.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWebBA.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWebBAApp.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\CrankWebBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BOAS.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.Bromon.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BroStats.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.BRT.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\plugins\CrankWeb.Repmon.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\bin\utilCrankWeb.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWeb.Common.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWeb.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWeb.ico".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWebBHO.dll".
  • The file at "<$PROGRAMFILES>\CrankWeb\CrankWebuninstall.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\gcmogoancjjkccghamldiebenbnhgdhd.crx".
  • The file at "<$PROGRAMFILES>\CrankWeb\updateCrankWeb.exe".
  • The file at "<$PROGRAMFILES>\CrankWeb\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.CrankWeb uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\gcmogoancjjkccghamldiebenbnhgdhd\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\gcmogoancjjkccghamldiebenbnhgdhd".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\gcmogoancjjkccghamldiebenbnhgdhd".
  • The directory at "<$PROGRAMFILES>\CrankWeb\bin\plugins".
  • The directory at "<$PROGRAMFILES>\CrankWeb\bin".
  • The directory at "<$PROGRAMFILES>\CrankWeb".

Make sure you set your file manager to display hidden and system files. If Ad.CrankWeb uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{3b366aa1-f886-4aff-87a4-9e317d0d4dfd}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{3b366aa1-f886-4aff-87a4-9e317d0d4dfd}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{B7D1C730-435F-4DDC-B927-FDAB205FCAF2}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{C7A5892E-9070-4247-AB7C-BC2A593358F7}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "crankweb.com" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\".
  • Delete the registry key "CrankWeb" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "CrankWeb" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\CrankWeb\".
  • Delete the registry key "Update CrankWeb" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update CrankWeb" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update CrankWeb" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\CrankWeb\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\CrankWeb\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\CrankWeb\".

If Ad.CrankWeb uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Kraddare

The following instructions have been created to help you to get rid of "Win32.Kraddare" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Win32.Kraddare installs unwanted adware clients.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "signkey" and pointing to "<$LOCALAPPDATA>\signkey\signkey.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\signkey\iesignkey.exe".
  • The file at "<$LOCALAPPDATA>\signkey\signkey.exe".
  • The file at "<$LOCALAPPDATA>\signkey\skun.exe".

Make sure you set your file manager to display hidden and system files. If Win32.Kraddare uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALAPPDATA>\signkey".

Make sure you set your file manager to display hidden and system files. If Win32.Kraddare uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "signkey" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "signkey" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Remove "<regexpr>[A-Za-z ] " from registry value "Partner" at "HKEY_CURRENT_USER\Software\signkey\".

If Win32.Kraddare uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.rmh

The following instructions have been created to help you to get rid of "Win32.Agent.rmh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Agent.rmh connects to remote servers in the background.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\WithMoa\except.ini".
  • The file at "<$PROGRAMFILES>\WithMoa\IUtil.ini".
  • The file at "<$PROGRAMFILES>\WithMoa\uninstall.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\widlib.dll".
  • The file at "<$PROGRAMFILES>\WithMoa\widmoa.dll".
  • The file at "<$PROGRAMFILES>\WithMoa\widservice.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\withmoa.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\withmoaun.exe".
  • The file at "<$WINDIR>\SYSTEM32\withmoaAX.ocx".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.rmh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\WithMoa".

Make sure you set your file manager to display hidden and system files. If Win32.Agent.rmh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "anyfund" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "anyfund" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry value "change" at "HKEY_CURRENT_USER\Software\anyfund\".
  • Delete the registry value "today" at "HKEY_LOCAL_MACHINE\SOFTWARE\anyfund\".

If Win32.Agent.rmh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BuzzSearch

The following instructions have been created to help you to get rid of "Ad.BuzzSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BuzzSearch claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.mybuzzsearch.com/Privacy

Links (be careful!):

: ttp://mybuzzsearch.com
: ttp://www.mybuzzsearch.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBA.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBAApp.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BRT.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\utilBuzzSearch.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.Common.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.ico".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearchBHO.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearchuninstall.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx".
  • The file at "<$PROGRAMFILES>\BuzzSearch\updateBuzzSearch.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BuzzSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm".
  • The directory at "<$PROGRAMFILES>\BuzzSearch\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BuzzSearch\bin".
  • The directory at "<$PROGRAMFILES>\BuzzSearch".

Make sure you set your file manager to display hidden and system files. If Ad.BuzzSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{396ECD31-EDF7-489F-BDA1-83DBA4C36E81}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{5cf5a690-c8f4-488e-9d20-f21aef602d41}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5cf5a690-c8f4-488e-9d20-f21aef602d41}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{D0EC4142-5808-41D2-A4DC-6081CF1A9693}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "BuzzSearch" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BuzzSearch" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BuzzSearch\".

If Ad.BuzzSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BrowseBeyond

The following instructions have been created to help you to get rid of "Ad.BrowseBeyond" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BrowseBeyond is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://browsebeyond.net/Privacy

Links (be careful!):

: ttp://browsebeyond.net
: ttp://www.browsebeyond.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\Browsebeyond.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\BrowsebeyondBA.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\BrowsebeyondBAApp.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\BrowsebeyondBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.BRT.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\plugins\Browsebeyond.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\bin\utilBrowsebeyond.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyond.Common.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyond.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyond.ico".
  • The file at "<$PROGRAMFILES>\Browsebeyond\BrowsebeyondBHO.dll".
  • The file at "<$PROGRAMFILES>\Browsebeyond\Browsebeyonduninstall.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\jldbooabopmhfgjpnlaobgfdlkmpbdna.crx".
  • The file at "<$PROGRAMFILES>\Browsebeyond\updateBrowsebeyond.exe".
  • The file at "<$PROGRAMFILES>\Browsebeyond\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BrowseBeyond uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jldbooabopmhfgjpnlaobgfdlkmpbdna\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jldbooabopmhfgjpnlaobgfdlkmpbdna".
  • The directory at "<$PROGRAMFILES>\Browsebeyond\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Browsebeyond\bin".
  • The directory at "<$PROGRAMFILES>\Browsebeyond".

Make sure you set your file manager to display hidden and system files. If Ad.BrowseBeyond uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{39A85641-67C3-40B7-AE1F-F3D034B167A9}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{81E4892A-7E59-408C-AD31-A913E05AB8A3}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{f04a89fa-d7e3-4fbd-9569-502b4cad4347}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f04a89fa-d7e3-4fbd-9569-502b4cad4347}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "Browsebeyond" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Browsebeyond" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Browsebeyond" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Browsebeyond" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Browsebeyond" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Browsebeyond\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Browsebeyond\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Browsebeyond\".

If Ad.BrowseBeyond uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.YiqilaiLyrics

The following instructions have been created to help you to get rid of "Ad.YiqilaiLyrics" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.YiqilaiLyrics is Chinese adware that infiltrates Mediaplayer and Internet Explorer.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "YiqilaiLyrics".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Yiqilai\foobar\foo_vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\lib\YQL_Lyrics_Common.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\realplayer\real_vis_yqllyrics.rpv".
  • The file at "<$PROGRAMFILES>\Yiqilai\Temp\foo_vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\Temp\gen_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\Temp\vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\tools\YiqilaiLyrics.exe".
  • The file at "<$PROGRAMFILES>\Yiqilai\winamp\gen_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\winamp\vis_yqllyrics.dll".
  • The file at "<$PROGRAMFILES>\Yiqilai\wmp\YiqilaiLyrics.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010789.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010790.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010791.dll".
  • The file at "<$SYSDRIVE>\System Volume Information\_restore{1DF4BCC4-62CD-424D-82BE-07306400858E}\RP38\A0010792.dll".

Make sure you set your file manager to display hidden and system files. If Ad.YiqilaiLyrics uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Yiqilai\foobar".
  • The directory at "<$PROGRAMFILES>\Yiqilai\html".
  • The directory at "<$PROGRAMFILES>\Yiqilai\lib".
  • The directory at "<$PROGRAMFILES>\Yiqilai\realplayer".
  • The directory at "<$PROGRAMFILES>\Yiqilai\Temp".
  • The directory at "<$PROGRAMFILES>\Yiqilai\tools".
  • The directory at "<$PROGRAMFILES>\Yiqilai\winamp".
  • The directory at "<$PROGRAMFILES>\Yiqilai\wmp".
  • The directory at "<$PROGRAMFILES>\Yiqilai".

Make sure you set your file manager to display hidden and system files. If Ad.YiqilaiLyrics uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\".
  • Delete the registry key "Yiqilai" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "YiqilaiLyrics" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\".
  • Remove "YiqilaiLyrics" from registry value "CurrentEffectType" at "HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\".

If Ad.YiqilaiLyrics uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Yawtix

The following instructions have been created to help you to get rid of "Ad.Yawtix" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Yawtix claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://yawtix.com/Privacy

Links (be careful!):

: ttp://yawtix.com/
: ttp://www.yawtix.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{16d667ee-6782-4b21-81df-8ded8ebc3868}.xpi".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.BRT.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\plugins\Yawtix.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\utilYawtix.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\Yawtix.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\YawtixBA.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\YawtixBAApp.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\bin\YawtixBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\updater.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\updateYawtix.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtix.Common.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtix.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtix.ico".
  • The file at "<$PROGRAMFILES>\Yawtix\YawtixBHO.dll".
  • The file at "<$PROGRAMFILES>\Yawtix\Yawtixuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Yawtix uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Yawtix\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Yawtix\bin".
  • The directory at "<$PROGRAMFILES>\Yawtix".

Make sure you set your file manager to display hidden and system files. If Ad.Yawtix uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Update Yawtix" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Yawtix" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Yawtix" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry key "Yawtix" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "Yawtix" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.Yawtix uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.AdvanceMark

The following instructions have been created to help you to get rid of "Ad.AdvanceMark" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.AdvanceMark claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://advancemark.info/Privacy

Links (be careful!):

: ttp://advancemark.info
: ttp://www.advancemark.info

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{495e04b0-3772-475e-a8a2-48beea71d07d}.xpi".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMark.Common.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMark.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMark.ico".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMarkBHO.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\AdvanceMarkuninstall.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BOAS.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMark.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMarkBA.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMarkBAApp.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\AdvanceMarkBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BOAS.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.Bromon.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BroStats.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.BRT.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\plugins\AdvanceMark.Repmon.dll".
  • The file at "<$PROGRAMFILES>\AdvanceMark\bin\utilAdvanceMark.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\dfnjhlanpjogndmmekddbolopgckekpl.crx".
  • The file at "<$PROGRAMFILES>\AdvanceMark\ljgnombefpobmoclimknbkmilgbanpic.crx".
  • The file at "<$PROGRAMFILES>\AdvanceMark\updateAdvanceMark.exe".
  • The file at "<$PROGRAMFILES>\AdvanceMark\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.AdvanceMark uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\AdvanceMark\bin\plugins".
  • The directory at "<$PROGRAMFILES>\AdvanceMark\bin".
  • The directory at "<$PROGRAMFILES>\AdvanceMark".

Make sure you set your file manager to display hidden and system files. If Ad.AdvanceMark uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{45B3E633-A501-4653-B6E6-06D5EF56385C}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "{C51F9ABF-47E3-4598-AE64-936AC952C7ED}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{f4bd9fab-17a2-4273-8120-bc88631fc74f}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{f4bd9fab-17a2-4273-8120-bc88631fc74f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "AdvanceMark" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "AdvanceMark" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\AdvanceMark\".
  • Delete the registry key "Update AdvanceMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update AdvanceMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update AdvanceMark" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\AdvanceMark\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\AdvanceMark\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\AdvanceMark\".

If Ad.AdvanceMark uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Adanak

The following instructions have been created to help you to get rid of "Ad.Adanak" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Adanak claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.adanak.net/Privacy

Links (be careful!):

: ttp://adanak.net
: ttp://www.adanak.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{52fcec3b-6175-49f8-bc7d-127a0e656055}.xpi".
  • The file at "<$PROGRAMFILES>\Adanak\Adanak.Common.dll".
  • The file at "<$PROGRAMFILES>\Adanak\Adanak.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Adanak\Adanak.ico".
  • The file at "<$PROGRAMFILES>\Adanak\AdanakBHO.dll".
  • The file at "<$PROGRAMFILES>\Adanak\Adanakuninstall.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\Adanak.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\AdanakBA.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\AdanakBAApp.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\AdanakBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.BRT.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\plugins\Adanak.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Adanak\bin\utilAdanak.exe".
  • The file at "<$PROGRAMFILES>\Adanak\updateAdanak.exe".
  • The file at "<$PROGRAMFILES>\Adanak\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Adanak uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Adanak\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Adanak\bin".
  • The directory at "<$PROGRAMFILES>\Adanak".

Make sure you set your file manager to display hidden and system files. If Ad.Adanak uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "adanak.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\".
  • Delete the registry key "Adanak" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Adanak" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry key "Update Adanak" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update Adanak" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update Adanak" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\Adanak\".

If Ad.Adanak uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebSparkle

The following instructions have been created to help you to get rid of "Ad.WebSparkle" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.WebSparkle claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://websparkle.biz/Privacy

Links (be careful!):

: ttp://websparkle.biz
: ttp://www.websparkle.biz

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@websparkle.biz.xpi".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BOAS.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.Bromon.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BroStats.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.BRT.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\plugins\WebSparkle.Repmon.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\utilWebSparkle.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BOAS.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkle.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkleBA.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkleBAApp.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\bin\WebSparkleBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx".
  • The file at "<$PROGRAMFILES>\WebSparkle\updater.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\updateWebSparkle.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkle.Common.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkle.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkle.ico".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkleBHO.dll".
  • The file at "<$PROGRAMFILES>\WebSparkle\WebSparkleuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WebSparkle uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg".
  • The directory at "<$PROGRAMFILES>\WebSparkle\bin\plugins".
  • The directory at "<$PROGRAMFILES>\WebSparkle\bin".
  • The directory at "<$PROGRAMFILES>\WebSparkle".

Make sure you set your file manager to display hidden and system files. If Ad.WebSparkle uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6832C453-2F06-4A9F-9080-5DDECF242856}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{6935FA3E-0771-4B2F-A668-8C9CC50A7C90}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{9f56bab3-2739-40ed-a8d0-1451657a9742}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{9f56bab3-2739-40ed-a8d0-1451657a9742}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "WebSparkle" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "WebSparkle" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\WebSparkle".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\WebSparkle".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\WebSparkle".

If Ad.WebSparkle uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SerialTrunc

The following instructions have been created to help you to get rid of "Ad.SerialTrunc" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SerialTrunc claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.serialtrunc.com/Privacy

Links (be careful!):

: ttp://serialtrunc.com
: ttp://www.serialtrunc.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{47351c22-0d6c-4658-a617-795d251145e2}.xpi".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.BRT.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\plugins\SerialTrunc.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTrunc.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTruncBA.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTruncBAApp.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\SerialTruncBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\bin\utilSerialTrunc.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\okbdcdmpkkncigegdkhhhamjblgjbfja.crx".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTrunc.Common.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTrunc.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTrunc.ico".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTruncBHO.dll".
  • The file at "<$PROGRAMFILES>\SerialTrunc\SerialTruncUninstall.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\updater.exe".
  • The file at "<$PROGRAMFILES>\SerialTrunc\updateSerialTrunc.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SerialTrunc uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\okbdcdmpkkncigegdkhhhamjblgjbfja\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\okbdcdmpkkncigegdkhhhamjblgjbfja".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\okbdcdmpkkncigegdkhhhamjblgjbfja".
  • The directory at "<$PROGRAMFILES>\SerialTrunc\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SerialTrunc\bin".
  • The directory at "<$PROGRAMFILES>\SerialTrunc".

Make sure you set your file manager to display hidden and system files. If Ad.SerialTrunc uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{033A4BE2-42B1-4ACB-A69F-D362922136F0}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{3D1E2CA3-890D-4528-B816-2216F0E16E27}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{6BA82436-C754-4B49-B6AD-075AFA9FC625}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{8F3B5A2D-2D9B-454E-9EE5-20CE1532E9CD}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{e93a89a5-325d-4ef5-809d-819f657f498e}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e93a89a5-325d-4ef5-809d-819f657f498e}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\SerialTrunc".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\SerialTrunc".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\SerialTrunc".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\SerialTrunc".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\SerialTrunc".
  • Delete the registry key "SerialTrunc" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "SerialTrunc" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "SerialTrunc" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.SerialTrunc uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BlindBat

The following instructions have been created to help you to get rid of "Ad.BlindBat" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BlindBat claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BOAS.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbat.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbatBA.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbatBAApp.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\blindbatBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BOAS.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.Bromon.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BroStats.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.BRT.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\plugins\blindbat.Repmon.dll".
  • The file at "<$PROGRAMFILES>\blindbat\bin\utilblindbat.exe".
  • The file at "<$PROGRAMFILES>\blindbat\blindbat.Common.dll".
  • The file at "<$PROGRAMFILES>\blindbat\blindbat.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\blindbat\blindbat.ico".
  • The file at "<$PROGRAMFILES>\blindbat\blindbatBHO.dll".
  • The file at "<$PROGRAMFILES>\blindbat\blindbatuninstall.exe".
  • The file at "<$PROGRAMFILES>\blindbat\updateblindbat.exe".
  • The file at "<$PROGRAMFILES>\blindbat\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BlindBat uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\blindbat\bin\plugins".
  • The directory at "<$PROGRAMFILES>\blindbat\bin".
  • The directory at "<$PROGRAMFILES>\blindbat".

Make sure you set your file manager to display hidden and system files. If Ad.BlindBat uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{A653C2BF-2527-4CA5-B18E-CF0199205274}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{a7283e35-7d50-43f7-b698-b29f6b5fe256}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{a7283e35-7d50-43f7-b698-b29f6b5fe256}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{cb1efc96-b4ad-4a33-b6fe-7f7bf4039d0a}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "blindbat" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "blindbat" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.BlindBat uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Fraud.WinIFixer

The following instructions have been created to help you to get rid of "Fraud.WinIFixer" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • malware
  • rogue

Description:

Fraud.WinIFixer is a rogue anti-spyware program. It shows legitimate registry entries as security threats and urges the user through annoying pop-ups to buy the fraudulent application.

Removal Instructions:

Quicklaunch area:

Please remove the following items from your quick launch area next to the "Start" button in the taskbar at the bottom.
To check where they are pointing to, right-click them and choose "Properties" from the context menu that appears.

  • Quicklaunch symbols named "WinIFixer.lnk" and pointing to "<$PROGRAMFILES>\WinIFixer\WinIFixer.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "WinIFixer" and pointing to "<$PROGRAMFILES>\WinIFixer\WinIFixer.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "WinIFixer".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONDESKTOP>\WinIFixer.lnk".
  • The file at "<$COMMONPROGRAMS>\WinIFixer.lnk".
  • The file at "<$PROGRAMFILES>\WinIFixer\database.dat".
  • The file at "<$PROGRAMFILES>\WinIFixer\license.txt".
  • The file at "<$PROGRAMFILES>\WinIFixer\Uninstall.exe".
  • The file at "<$PROGRAMFILES>\WinIFixer\WinIFixer.exe".
  • The file at "<$PROGRAMFILES>\WinIFixer\WinIFixerSkin.dll".

Make sure you set your file manager to display hidden and system files. If Fraud.WinIFixer uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Autorun".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine\Packages".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer\Quarantine".
  • The directory at "<$APPDATA>\WinIFixer.com\WinIFixer".
  • The directory at "<$APPDATA>\WinIFixer".
  • The directory at "<$COMMONPROGRAMS>\WinIFixer".
  • The directory at "<$PROGRAMFILES>\WinIFixer".

Make sure you set your file manager to display hidden and system files. If Fraud.WinIFixer uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "WinIFixer.com" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Fraud.WinIFixer uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Fraud.MalwarePatrolPRO

The following instructions have been created to help you to get rid of "Fraud.MalwarePatrolPRO" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • malware
  • rogue

Description:

Fraud.MalwarePatrolPRO is a rogue anti-spyware program. It shows legitimate registry entries as security threats and urges the user through annoying pop-ups to buy the fraudulent application.

Removal Instructions:

Quicklaunch area:

Please remove the following items from your quick launch area next to the "Start" button in the taskbar at the bottom.
To check where they are pointing to, right-click them and choose "Properties" from the context menu that appears.

  • Quicklaunch symbols named "MPatrolPRO.lnk" and pointing to "<$PROGRAMFILES>\MPatrolPRO\MPatrolPRO.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "MPatrolPRO" and pointing to "<$PROGRAMFILES>\MPatrolPRO\MPatrolPRO.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "MPatrolPRO".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONDESKTOP>\MPatrolPRO.lnk".
  • The file at "<$COMMONPROGRAMS>\Malware Patrol PRO.lnk".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\database.dat".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\license.txt".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\MPatrolPRO.exe".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\MPatrolPROSkin.dll".
  • The file at "<$PROGRAMFILES>\MPatrolPRO\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Fraud.MalwarePatrolPRO uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKCU\RunOnce".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKCU".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKLM\RunOnce".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\HKLM".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\StartMenuAllUsers".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun\StartMenuCurrentUser".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Autorun".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\BrowserObjects".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine\Packages".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO\Quarantine".
  • The directory at "<$APPDATA>\MPatrolPRO\MPatrolPRO".
  • The directory at "<$APPDATA>\MPatrolPRO".
  • The directory at "<$COMMONPROGRAMS>\Malware Patrol PRO".
  • The directory at "<$PROGRAMFILES>\MPatrolPRO".

Make sure you set your file manager to display hidden and system files. If Fraud.MalwarePatrolPRO uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "MPatrolPRO" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Fraud.MalwarePatrolPRO uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.PursuePoint

The following instructions have been created to help you to get rid of "Ad.PursuePoint" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.


Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.PursuePoint claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://pursuepoint.com/Privacy

Links (be careful!):

: ttp://pursuepoint.com/
: ttp://www.pursuepoint.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BOAS.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.Bromon.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BroStats.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.BRT.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\plugins\PursuePoint.Repmon.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BOAS.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePoint.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePointBA.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePointBAApp.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\PursuePointBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\bin\utilPursuePoint.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePoint.Common.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePoint.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePoint.ico".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePointBHO.dll".
  • The file at "<$PROGRAMFILES>\PursuePoint\PursuePointuninstall.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\updatePursuePoint.exe".
  • The file at "<$PROGRAMFILES>\PursuePoint\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.PursuePoint uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\PursuePoint\bin\plugins".
  • The directory at "<$PROGRAMFILES>\PursuePoint\bin".
  • The directory at "<$PROGRAMFILES>\PursuePoint".

Make sure you set your file manager to display hidden and system files. If Ad.PursuePoint uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{3C34D780-67A3-4E14-9001-5D9E4CE42F48}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{8A849661-DFEC-4C8F-ACF6-5DEA14ABDAB3}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{e1578e0c-7554-4980-a160-d0f4f7d8af47}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e1578e0c-7554-4980-a160-d0f4f7d8af47}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "PursuePoint" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "PursuePoint" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.PursuePoint uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.GearScroll

The following instructions have been created to help you to get rid of "Ad.GearScroll" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.GearScroll claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.gearscroll.net/Privacy

Links (be careful!):

: ttp://gearscroll.net/
: ttp://www.gearscroll.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{3a97dd70-72bb-46f4-8870-7194ab32b8fe}.xpi".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BOAS.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScroll.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScrollBA.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScrollBAApp.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\GearScrollBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BOAS.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.Bromon.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BroStats.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.BRT.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\plugins\GearScroll.Repmon.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\bin\utilGearScroll.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScroll.Common.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScroll.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScroll.ico".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScrollBHO.dll".
  • The file at "<$PROGRAMFILES>\GearScroll\GearScrolluninstall.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\updateGearScroll.exe".
  • The file at "<$PROGRAMFILES>\GearScroll\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.GearScroll uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\GearScroll\bin\plugins".
  • The directory at "<$PROGRAMFILES>\GearScroll\bin".
  • The directory at "<$PROGRAMFILES>\GearScroll".

Make sure you set your file manager to display hidden and system files. If Ad.GearScroll uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "gearscroll.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "GearScroll" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "GearScroll" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "GearScroll" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\GearScroll".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\GearScroll".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\GearScroll".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\GearScroll".

If Ad.GearScroll uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Albrechto

The following instructions have been created to help you to get rid of "Ad.Albrechto" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Albrechto claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.albrechto.co/Privacy

Links (be careful!):

: ttp://albrechto.co
: ttp://www.albrechto.co

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\albrechto\albrechto.Common.dll".
  • The file at "<$PROGRAMFILES>\albrechto\albrechto.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\albrechto\albrechto.ico".
  • The file at "<$PROGRAMFILES>\albrechto\albrechtoBHO.dll".
  • The file at "<$PROGRAMFILES>\albrechto\albrechtouninstall.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BOAS.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechto.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechtoBA.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechtoBAApp.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\albrechtoBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BOAS.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.Bromon.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BroStats.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.BRT.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\plugins\albrechto.Repmon.dll".
  • The file at "<$PROGRAMFILES>\albrechto\bin\utilalbrechto.exe".
  • The file at "<$PROGRAMFILES>\albrechto\nkopijddpkmggacdghppacglggodkcod.crx".
  • The file at "<$PROGRAMFILES>\albrechto\updatealbrechto.exe".
  • The file at "<$PROGRAMFILES>\albrechto\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Albrechto uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nkopijddpkmggacdghppacglggodkcod\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nkopijddpkmggacdghppacglggodkcod".
  • The directory at "<$PROGRAMFILES>\albrechto\bin\plugins".
  • The directory at "<$PROGRAMFILES>\albrechto\bin".
  • The directory at "<$PROGRAMFILES>\albrechto".

Make sure you set your file manager to display hidden and system files. If Ad.Albrechto uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1881a451-f7fb-44bc-85b2-fcea4b1403e3}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{1881a451-f7fb-44bc-85b2-fcea4b1403e3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{33245300-D6A0-4F27-B1DE-CD4C97380218}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{43FE7D98-607E-495F-9800-15220FA5698F}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{4b74bd5c-e08b-4921-92bc-1ea8bb899da2}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{4b74bd5c-e08b-4921-92bc-1ea8bb899da2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{B287C84C-3FB1-48E8-914A-44A41222194C}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{BF411B06-E132-46D1-94B8-15D8E39A9D92}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{CE5A6611-5000-43C6-BBF7-014127FE985A}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "albrechto" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "albrechto" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\albrechto".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\albrechto".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\albrechto".

If Ad.Albrechto uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Spybot 2.5 and Scanner 2.6

Spybot version 2.4 is the most recent version of Spybot available on our website.

Users of the Windows 10 Operating System may encounter issues using this version of Spybot, so we have included files in Spybot’s updates to allow users to upgrade Spybot to version 2.5 after installation.

To do this, install and update Spybot 2.4. This will result in the appearance of a “Post Windows 10 Spybot-install” file which appears on your Desktop. Running this file will prompt you to download and install Spybot 2.5, which we have made changes to for compatibility with Windows 10.

We have not made Spybot 2.5 available on our website yet, as the changes made in this version can cause issues with older operating systems such as Windows Vista or XP.

Sharp-eyed users may also have noticed recently that Spybot’s system scanner has been upgraded to version 2.6. The additional files in this new version of the scanner include fixes for issues that some users were encountering such as:
– The system scan froze without displaying the scan results when the scan had completed (Zlob.ZipCodec issue).
– The “Settings” button in Spybot’s Start Center was unresponsive.

When the fixes for these issues were successfully tested, they were included in the updated version of the scanner.

Payment System Issues 2016-04-20 (resolved)

Please note that if you tried to purchase a Spybot license in the last 24 hours, your order may not have been processed properly due to technical issues with our payment system.

If you encountered this issue, your license request may have been sent as a “Test” order, and a license was not generated for you. If your order was processed this way, your credit card will not have been charged for your purchase.

This issue has since been fixed, and orders are now functioning correctly. If you place a new order, this will be processed correctly and your license will be generated for you.

If you have any concerns about this issue, or are unsure if you were affected by it, you can contact our Sales Team here:

Resend License

Manual Removal Guide for Win32.BHO.acsi

The following instructions have been created to help you to get rid of "Win32.BHO.acsi" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan
  • bho

Description:

Win32.BHO.acsi creates files in the program files subfolder "extremeup" and installs a BHO (Browser Helper Object).

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "extremeup" and pointing to "<$PROGRAMFILES>\extremeup\extremeupupdate.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\extremeup\extremeup.dll".
  • The file at "<$PROGRAMFILES>\extremeup\extremeupupdate.exe".
  • The file at "<$PROGRAMFILES>\extremeup\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.acsi uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\extremeup".

Make sure you set your file manager to display hidden and system files. If Win32.BHO.acsi uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "autopopup.autopopupobj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "autopopup.autopopupobj", plus associated values.
  • Delete the registry key "{0C0882B9-B682-4800-8258-B367CD9851FB}" at "HKEY_CLASSES_ROOT\AppID".
  • Delete the registry key "{301629EB-3644-45C2-8E24-97B95054983B}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{8327886C-C208-408B-AD90-B3EE40C42947}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{8327886C-C208-408B-AD90-B3EE40C42947}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F9849E61-949E-4A3C-B87D-0C920D223433}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "autopopup.DLL" at "HKEY_CLASSES_ROOT\AppID".
  • Delete the registry key "extremeup" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "extremeup" at "HKEY_CURRENT_USER\Software\AppDataLow\Software".
  • Delete the registry key "extremeup" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Win32.BHO.acsi uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ClingClang

The following instructions have been created to help you to get rid of "Ad.ClingClang" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ClingClang claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClang.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClangBA.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClangBAApp.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\ClingClangBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.BRT.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\plugins\ClingClang.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\bin\utilClingClang.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClang.Common.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClang.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClang.ico".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClangBHO.dll".
  • The file at "<$PROGRAMFILES>\Cling Clang\ClingClanguninstall.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\updateClingClang.exe".
  • The file at "<$PROGRAMFILES>\Cling Clang\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ClingClang uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Cling Clang\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Cling Clang\bin".
  • The directory at "<$PROGRAMFILES>\Cling Clang".

Make sure you set your file manager to display hidden and system files. If Ad.ClingClang uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{aa9aa36b-5b7b-4996-b083-83ef84d53b19}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{aa9aa36b-5b7b-4996-b083-83ef84d53b19}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F5CC28D2-55BD-4D7D-A315-BE93C4EDA1C2}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Cling Clang" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Cling Clang" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.ClingClang uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.QvodPlayer

The following instructions have been created to help you to get rid of "Ad.QvodPlayer" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.QvodPlayer installs a Chinese video player and adware applications, e.g. BaiduBar.

Removal Instructions:

Desktop:

Please remove the following files from your desktop.
To check where they are pointing to, right-click them and choose "Properties" from the context menu appearing.

  • Shortcuts named "QvodPlayer" and pointing to "E:\Program Files\QvodPlayer\QvodPlayer.exe".

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "Kuaiwan" and pointing to "?<$PROGRAMFILES>\Kuaiwan\Kuaiwan.exe*".
  • Entries named "QvodPlayer" and pointing to "<$SYSDRIVE>\Program Files\QvodPlayer\QvodTerminal.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Kuaiwan".
  • Products that have a key or property named "QvodPlayer".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\KuaiWan\AppInfo.xml".
  • The file at "<$COMMONAPPDATA>\KuaiWan\User.ini".
  • The file at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin.xml".
  • The file at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\MainTab\Thumbs.db".
  • The file at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\WebGameTab\Thumbs.db".
  • The file at "<$SYSDRIVE>\desktop.ini".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\AddIn\ASBarBroker.exe".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\QvodCfg.ini".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Default\volumep.bmp".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip\PopMessage.xml".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip\QvodTip.exe".
  • The file at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip\QvodTips.dll".

Make sure you set your file manager to display hidden and system files. If Ad.QvodPlayer uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\qvodaddr".
  • The directory at "<$COMMONAPPDATA>\KuaiWan".
  • The directory at "<$COMMONPROGRAMFILES>\QvodPlayer\Codecs".
  • The directory at "<$COMMONPROGRAMFILES>\QvodPlayer".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\insert".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\key".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\MainTab".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\webgame".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin\WebGameTab".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin\DefaultSkin".
  • The directory at "<$PROGRAMFILES>\Kuaiwan\skin".
  • The directory at "<$PROGRAMFILES>\Kuaiwan".
  • The directory at "<$PROGRAMS>\QVOD".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\AddIn".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Codecs".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Lang".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Lyrics".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Aluminum".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Blue".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Dark".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Default".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Exalted".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Gray".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\MediaPlayer".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\MiNi".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Navy".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_ccch".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_gysd".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_lskj".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_ly".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_QuickTimer".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_sl".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_xlxl".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_yh".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_yryh".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\new_zcl".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Simple".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin\Simple2".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Skin".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Tip".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer\Viewdata".
  • The directory at "<$SYSDRIVE>\Program Files\QvodPlayer".

Make sure you set your file manager to display hidden and system files. If Ad.QvodPlayer uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "KWCheck.KuaiWan.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "KWCheck.KuaiWan", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVOD", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODADD", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "Qvodbt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODCHA", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QvodInsert.QvodCtrl.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QvodInsert.QvodCtrl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3g2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gpp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ac3", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aif", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aifc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aiff", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.amr", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.amv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ape", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.asf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.asx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.au", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.avi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.bik", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.cda", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.csf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.cue", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.d2v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsa", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dss", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dvd", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.evo", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.f4v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.fli", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ivf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m1v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2p", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2ts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m3u", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4a", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4b", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4p", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mid", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.midi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mkv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mod", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mov", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp3", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp4", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp5", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpa", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpe", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpeg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpga", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mvx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ogg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ogm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pm2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pmp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pmp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pss", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pva", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qmv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qsed", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ra", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ram", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rat", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rmi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rmvb", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.roq", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rpm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rsc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smil", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smk", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.swf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tim", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tpr", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tta", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ttpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vg2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vid", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vob", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vp6", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vp7", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wav", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wma", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODSEA", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "ShareModule.QvodShare.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "ShareModule.QvodShare", plus associated values.
  • Delete the registry key "Kuaiwan.exe" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths".
  • Delete the registry key "Kuaiwan" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "KuaiWanInsert" at "HKEY_CURRENT_USER\Software\MozillaPlugins".
  • Delete the registry key "madFlac" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "QvodCDAudioOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers".
  • Delete the registry key "QvodDVDMovieOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers".
  • Delete the registry key "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers".
  • Delete the registry key "QvodMenu" at "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers".
  • Delete the registry key "QvodPlayer.exe" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths".
  • Delete the registry key "QvodPlayer" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "QvodPlayer" at "HKEY_CURRENT_USER\Software\CyberLink\Common\CLVSD".
  • Delete the registry key "QvodPlayer" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.dat".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.dvd".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.mov".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.torrent".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT\.wmp".
  • Delete the registry value "qhtp" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents".
  • Delete the registry value "qvod" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents".
  • Delete the registry value "QvodCDAudioOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival".
  • Delete the registry value "QvodDVDMovieOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival".
  • Delete the registry value "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival".
  • Delete the registry value "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.aif".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.aifc".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.aiff".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.asf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.asx".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.au".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.avi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.cda".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.ivf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.m1v".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.m3u".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mid".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.midi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mp2".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mp3".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpa".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpe".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpeg".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.mpg".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.rat".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.rmi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.rpm".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.swf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wav".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wm".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wma".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wmv".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wmx".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT\.wpl".

If Ad.QvodPlayer uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can be removed either directly in your browser or with the help of a tool such as Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "kuaibo.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Okiitan

The following instructions have been created to help you to get rid of "Ad.Okiitan" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Okiitan claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://okiitan.com/Privacy

Links (be careful!):

: ttp://okiitan.com/
: ttp://www.okiitan.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{78b17104-363a-4bd9-b49c-77419f14b0d0}.xpi".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\Okiitan.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\OkiitanBA.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\OkiitanBAApp.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\OkiitanBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.BRT.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\plugins\Okiitan.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\bin\utilOkiitan.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitan.Common.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitan.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitan.ico".
  • The file at "<$PROGRAMFILES>\Okiitan\OkiitanBHO.dll".
  • The file at "<$PROGRAMFILES>\Okiitan\Okiitanuninstall.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\updateOkiitan.exe".
  • The file at "<$PROGRAMFILES>\Okiitan\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Okiitan uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Okiitan\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Okiitan\bin".
  • The directory at "<$PROGRAMFILES>\Okiitan".

Make sure you set your file manager to display hidden and system files. If Ad.Okiitan uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Okiitan" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Okiitan" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.Okiitan uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Larparus

The following instructions have been created to help you to get rid of "Ad.Larparus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Larparus claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.larparus.com/Privacy

Links (be careful!):

: ttp://larparus.com
: ttp://www.larparus.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\Larparus.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\LarparusBA.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\LarparusBAApp.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\LarparusBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.BRT.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\plugins\Larparus.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Larparus\bin\utilLarparus.exe".
  • The file at "<$PROGRAMFILES>\Larparus\Larparus.Common.dll".
  • The file at "<$PROGRAMFILES>\Larparus\Larparus.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Larparus\Larparus.ico".
  • The file at "<$PROGRAMFILES>\Larparus\LarparusBHO.dll".
  • The file at "<$PROGRAMFILES>\Larparus\Larparusuninstall.exe".
  • The file at "<$PROGRAMFILES>\Larparus\nhggejjcbpfidlfahfdglfmhpdmoikbb.crx".
  • The file at "<$PROGRAMFILES>\Larparus\updateLarparus.exe".
  • The file at "<$PROGRAMFILES>\Larparus\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Larparus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nhggejjcbpfidlfahfdglfmhpdmoikbb\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nhggejjcbpfidlfahfdglfmhpdmoikbb".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\nhggejjcbpfidlfahfdglfmhpdmoikbb".
  • The directory at "<$PROGRAMFILES>\Larparus\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Larparus\bin".
  • The directory at "<$PROGRAMFILES>\Larparus".

Make sure you set your file manager to display hidden and system files. If Ad.Larparus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{046c439e-6aa7-41d3-9838-62f88a9dc029}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{046c439e-6aa7-41d3-9838-62f88a9dc029}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{95490DA1-D9FC-4EE8-BC26-4617B2D19BAC}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{FB3F0DA5-B1E6-407B-8D63-2B048627FE67}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Larparus" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Larparus" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Larparus".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Larparus".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Larparus".

If Ad.Larparus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.FindRight

The following instructions have been created to help you to get rid of "Ad.FindRight" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.FindRight claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Links (be careful!):

: ttp://myfindright.com
: ttp://www.myfindright.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{42e50651-9669-456e-9081-d5a836274274}.xpi".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BOAS.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRight.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRightBA.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRightBAApp.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\FindRightBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BOAS.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.Bromon.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BroStats.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.BRT.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\plugins\FindRight.Repmon.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\utilFindRight.exe".
  • The file at "<$PROGRAMFILES>\FindRight\bin\XTLSApp.dll".
  • The file at "<$PROGRAMFILES>\FindRight\bin\XTLSApp.exe".
  • The file at "<$PROGRAMFILES>\FindRight\FindRight.Common.dll".
  • The file at "<$PROGRAMFILES>\FindRight\FindRight.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\FindRight\FindRight.ico".
  • The file at "<$PROGRAMFILES>\FindRight\FindRightBHO.dll".
  • The file at "<$PROGRAMFILES>\FindRight\FindRightuninstall.exe".
  • The file at "<$PROGRAMFILES>\FindRight\ibokihboaojdolnlgbejebillmaodnfc.crx".
  • The file at "<$PROGRAMFILES>\FindRight\updateFindRight.exe".
  • The file at "<$PROGRAMFILES>\FindRight\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.FindRight uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ibokihboaojdolnlgbejebillmaodnfc\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ibokihboaojdolnlgbejebillmaodnfc".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\ibokihboaojdolnlgbejebillmaodnfc".
  • The directory at "<$PROGRAMFILES>\FindRight\bin\plugins".
  • The directory at "<$PROGRAMFILES>\FindRight\bin".
  • The directory at "<$PROGRAMFILES>\FindRight".

Make sure you set your file manager to display hidden and system files. If Ad.FindRight uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{2c774641-5504-46a8-b63f-6715ae3fe376}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{2c774641-5504-46a8-b63f-6715ae3fe376}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{4CCADDA1-60AD-48AA-97C2-FA892D2499FB}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{C638ABE2-47DA-4351-B170-E6A673D25CA3}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "FindRight" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "FindRight" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\FindRight".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\FindRight".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\FindRight".

If Ad.FindRight uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.PrivacyPlus

The following instructions have been created to help you to get rid of "PU.PrivacyPlus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.PrivacyPlus is a Korean unwanted program.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "PrivacyPlus" and pointing to "<$PROGRAMFILES>\PrivacyPlus\PrivacyPlusC.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>\Temp\PRIVACY_PLUS.exe".
  • The file at "<$PROGRAMFILES>\PrivacyPlus\Uninstall.exe".

Make sure you set your file manager to display hidden and system files. If PU.PrivacyPlus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\PrivacyPlus".

Make sure you set your file manager to display hidden and system files. If PU.PrivacyPlus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "PrivacyPlus" at "HKEY_CURRENT_USER\Software".

If PU.PrivacyPlus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebFrog

The following instructions have been created to help you to get rid of "Ad.WebFrog" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.WebFrog is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.webfrog.co/Privacy

Links (be careful!):

: ttp://www.webfrog.co
: ttp://wwwwebfrogco-a.akamaihd.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BRT.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\utilWebFrog.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBA.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBAApp.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\firefox@webfrog.co.xpi".
  • The file at "<$PROGRAMFILES>\Web Frog\updater.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\updateWebFrog.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.Common.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.ico".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrogBHO.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFroguninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Web Frog\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Web Frog\bin".
  • The directory at "<$PROGRAMFILES>\Web Frog".

Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{08F912CE-C6DF-4557-99E3-90FDE95EB1A5}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{2840C6AA-D471-468E-98F7-C316A1E444EB}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Web Frog" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Web Frog".

If Ad.WebFrog uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ViewPlay

The following instructions have been created to help you to get rid of "Ad.ViewPlay" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ViewPlay is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.viewplay.net/Privacy

Links (be careful!):

: ttp://www.viewplay.net
: ttp://wwwviewplaynet-a.akamaihd.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BRT.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\utilViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBA.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBAApp.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updater.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updateViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.Common.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.ico".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayFR.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\ViewPlay\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ViewPlay\bin".
  • The directory at "<$PROGRAMFILES>\ViewPlay".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{BB412D2C-F5A0-442B-8923-9109CE207B2A}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{DB2BC9D8-FE5A-4D34-9340-40054F0A44FE}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "viewplay.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\ViewPlay".

If Ad.ViewPlay uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.UtilDanawa

The following instructions have been created to help you to get rid of "Ad.UtilDanawa" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.UtilDanawa downloads and installs several Korean adware programs or PUPs.

Removal Instructions:

Desktop:

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "UtilDanawa" and pointing to "<$PROGRAMFILES>\UtilDanawa\UtilDanawa?.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\UtilDanawa\Uninstall.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\UTDown.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\UTDown2.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\UTUp.exe".
  • The file at "<$PROGRAMFILES>\UtilDanawa\version.cab".
  • The file at "<$SYSDIR>\UtilDanawa.ico".

Make sure you set your file manager to display hidden and system files. If Ad.UtilDanawa uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\UtilDanawa".

Make sure you set your file manager to display hidden and system files. If Ad.UtilDanawa uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "UtilDanawaCtrl.UtilDanawa.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "UtilDanawaCtrl.UtilDanawa", plus associated values.
  • Delete the registry key "{1EFCE84D-F033-424A-98EC-509CBF814EED}" at "HKEY_CLASSES_ROOT\AppID".
  • Delete the registry key "{2130339C-A739-46B4-989D-CC8031A4B62E}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{253BEEDD-2B63-48EC-8AEA-8297BAD9452C}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{289B55CF-913A-4857-8F71-6D17B09267E6}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{289B55CF-913A-4857-8F71-6D17B09267E6}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{2C2B0F57-51F2-4d1d-9A90-B3249BA0CEE4}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{2C2B0F57-51F2-4D1D-9A90-B3249BA0CEE4}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{33297377-1A0F-4cfd-A866-EFDA4866A194}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{33297377-1A0F-4CFD-A866-EFDA4866A194}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{3AD6477B-6AB0-4770-9808-C3245346BD45}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{3AD6477B-6AB0-4770-9808-C3245346BD45}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{4855AC5F-ADB6-40D2-A6D7-7C7247D0A4DE}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{600A635A-7003-4347-BAC1-254A8F935B1A}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{600A635A-7003-4347-BAC1-254A8F935B1A}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{7781A959-A6BF-4dcc-928B-E5AF9ED668D7}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{7781A959-A6BF-4DCC-928B-E5AF9ED668D7}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{84BADA55-2BC1-4319-9BD3-1A5EE01EE1D8}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{84BADA55-2BC1-4319-9BD3-1A5EE01EE1D8}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{945D8B13-529C-43e8-B4ED-E7535CCDD2F7}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions".
  • Delete the registry key "{945D8B13-529C-43E8-B4ED-E7535CCDD2F7}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats".
  • Delete the registry key "{D0C0E513-8BC6-4FB7-BEF6-9652AFC9027B}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "UtilDanawa" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "UtilDanawaCtrl.DLL" at "HKEY_CLASSES_ROOT\AppID".

If Ad.UtilDanawa uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.

  • Please check your bookmarks for links to "downbomul.com".

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SearchFoot

The following instructions have been created to help you to get rid of "Ad.SearchFoot" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SearchFoot claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.searchfoot.net/Privacy

Links (be careful!):

: ttp://searchfoot.net/
: ttp://www.searchfoot.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{5e1eb58a-cd04-42a5-b710-2b964d2a3d50}.xpi".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BOAS.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.Bromon.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BroStats.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.BRT.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\plugins\SearchFoot.Repmon.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BOAS.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFoot.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFootBA.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFootBAApp.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\SearchFootBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\bin\utilSearchFoot.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFoot.Common.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFoot.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFoot.ico".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFootBHO.dll".
  • The file at "<$PROGRAMFILES>\SearchFoot\SearchFootuninstall.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\updater.exe".
  • The file at "<$PROGRAMFILES>\SearchFoot\updateSearchFoot.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SearchFoot uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\SearchFoot\bin\plugins".
  • The directory at "<$PROGRAMFILES>\SearchFoot\bin".
  • The directory at "<$PROGRAMFILES>\SearchFoot".

Make sure you set your file manager to display hidden and system files. If Ad.SearchFoot uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "SearchFoot" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "SearchFoot" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\SearchFoot".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\SearchFoot".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\SearchFoot".

If Ad.SearchFoot uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.MarketResearchHelper

The following instructions have been created to help you to get rid of "Ad.MarketResearchHelper" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.MarketResearchHelper claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://marketresearchhelper.com/Privacy

Links (be careful!):

: ttp://marketresearchhelper.com/
: ttp://www.marketresearchhelper.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{d524939d-dcea-4579-a3d0-67758ac2ff8e}.xpi".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BOAS.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelper.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelperBA.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelperBAApp.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\MarketResearchHelperBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BOAS.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.Bromon.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BroStats.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.BRT.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins\MarketResearchHelper.Repmon.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\bin\utilMarketResearchHelper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelper.Common.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelper.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelper.ico".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelperBHO.dll".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\MarketResearchHelperUninstall.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\updateMarketResearchHelper.exe".
  • The file at "<$PROGRAMFILES>\MarketResearchHelper\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.MarketResearchHelper uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\MarketResearchHelper\bin\plugins".
  • The directory at "<$PROGRAMFILES>\MarketResearchHelper\bin".
  • The directory at "<$PROGRAMFILES>\MarketResearchHelper".

Make sure you set your file manager to display hidden and system files. If Ad.MarketResearchHelper uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{085C4D33-AB97-4165-9275-6174CF6B530D}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{2ACC2EF3-B127-4F5B-B18C-47763737CB19}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{e71ecfaa-158b-4027-9a01-1959834a82db}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{e71ecfaa-158b-4027-9a01-1959834a82db}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\MarketResearchHelper".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\MarketResearchHelper".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\MarketResearchHelper".
  • Delete the registry key "MarketResearchHelper" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "MarketResearchHelper" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\MarketResearchHelper".

If Ad.MarketResearchHelper uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.LinkiDoo

The following instructions have been created to help you to get rid of "Ad.LinkiDoo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.LinkiDoo claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Links (be careful!):

: ttp://linkidoo.biz
: ttp://www.linkidoo.biz

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}.xpi".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDoo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDooBA.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDooBAApp.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\LinkiDooBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.BRT.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\plugins\LinkiDoo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\bin\utilLinkiDoo.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoo.Common.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoo.ico".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDooBHO.dll".
  • The file at "<$PROGRAMFILES>\LinkiDoo\LinkiDoouninstall.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\nedmkhahhppfofnniinaggmabnngddjk.crx".
  • The file at "<$PROGRAMFILES>\LinkiDoo\updateLinkiDoo.exe".
  • The file at "<$PROGRAMFILES>\LinkiDoo\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.LinkiDoo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nedmkhahhppfofnniinaggmabnngddjk\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\nedmkhahhppfofnniinaggmabnngddjk".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\nedmkhahhppfofnniinaggmabnngddjk".
  • The directory at "<$PROGRAMFILES>\LinkiDoo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\LinkiDoo\bin".
  • The directory at "<$PROGRAMFILES>\LinkiDoo".

Make sure you set your file manager to display hidden and system files. If Ad.LinkiDoo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1F87D8B1-BC1F-435E-9290-EC13863DCAE9}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{5c11f47a-dbf7-4d5f-94a0-f747ce85e935}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{5c11f47a-dbf7-4d5f-94a0-f747ce85e935}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{CD239C93-5F6B-48DD-8CE0-FD7F8F62BBBE}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "LinkiDoo" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "LinkiDoo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "LinkiDoo" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "drp" at "HKEY_LOCAL_MACHINE\SOFTWARE\LinkiDoo".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\LinkiDoo".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\LinkiDoo".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\LinkiDoo".

If Ad.LinkiDoo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Fix for System Scan freeze on Zlob.ZipCodec

Many users have recently been affected by a feature in the Spybot program that caused the scanner to freeze on the final file of the scan, and the “Settings” button in the Start Center to become unresponsive.

We are happy to announce that we now have a solution for this issue. If you have experienced this issue and have not been sent this fix, please download and run this small installer.

The installer will replace the file we found was causing the issue.

More information on this can be found here.

Manual Removal Guide for Ad.ResultsAlpha

The following instructions have been created to help you to get rid of "Ad.ResultsAlpha" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ResultsAlpha claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.resultsalpha.net/Privacy

Links (be careful!):

: ttp://resultsalpha.net
: ttp://www.resultsalpha.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.BRT.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins\ResultsAlpha.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlpha.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlphaBA.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlphaBAApp.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\ResultsAlphaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\bin\utilResultsAlpha.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlpha.Common.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlpha.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlpha.ico".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlphaBHO.dll".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\ResultsAlphauninstall.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\updater.exe".
  • The file at "<$PROGRAMFILES>\ResultsAlpha\updateResultsAlpha.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ResultsAlpha uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\aaokmnpaoippoclepikifeegeknpopea\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\aaokmnpaoippoclepikifeegeknpopea".
  • The directory at "<$PROGRAMFILES>\ResultsAlpha\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ResultsAlpha\bin".
  • The directory at "<$PROGRAMFILES>\ResultsAlpha".

Make sure you set your file manager to display hidden and system files. If Ad.ResultsAlpha uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{cbab673a-a480-4050-bd2b-5de24a7a0282}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{cbab673a-a480-4050-bd2b-5de24a7a0282}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\ResultsAlpha".
  • Delete the registry key "resultsalpha.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "ResultsAlpha" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "ResultsAlpha" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ResultsAlpha".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\ResultsAlpha".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\ResultsAlpha".

If Ad.ResultsAlpha uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Kazy

The following instructions have been created to help you to get rid of "Win32.Kazy" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.Kazy copies several malicious library files into the program directory and installs a BHO without giving the user a possibility to cancel that process.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$SYSDIR>\bnsspx.dll".
  • The file at "<$SYSDIR>\BNSUpdata.exe".
  • The file at "<$SYSDIR>\gyblack.lst".

Make sure you set your file manager to display hidden and system files. If Win32.Kazy uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Outobox

The following instructions have been created to help you to get rid of "Ad.Outobox" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Outobox claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://outobox.net/Privacy

Links (be careful!):

: ttp://outobox.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@outobox.net.xpi".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BOAS.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outobox.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\outoboxBA.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\outoboxBAApp.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\outoboxBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BOAS.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.Bromon.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BroStats.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.BRT.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\plugins\outobox.Repmon.dll".
  • The file at "<$PROGRAMFILES>\outobox\bin\utiloutobox.exe".
  • The file at "<$PROGRAMFILES>\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx".
  • The file at "<$PROGRAMFILES>\outobox\outobox.Common.dll".
  • The file at "<$PROGRAMFILES>\outobox\outobox.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\outobox\outobox.ico".
  • The file at "<$PROGRAMFILES>\outobox\outoboxBHO.dll".
  • The file at "<$PROGRAMFILES>\outobox\outoboxuninstall.exe".
  • The file at "<$PROGRAMFILES>\outobox\updateoutobox.exe".
  • The file at "<$PROGRAMFILES>\outobox\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Outobox uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\outobox\bin\plugins".
  • The directory at "<$PROGRAMFILES>\outobox\bin".
  • The directory at "<$PROGRAMFILES>\outobox".

Make sure you set your file manager to display hidden and system files. If Ad.Outobox uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1EB0A0B0-CABB-495C-A85A-7C8F891799C7}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{30f06672-0e95-41a9-80cb-dee386af99ad}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{30f06672-0e95-41a9-80cb-dee386af99ad}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{B1290521-AB01-40EB-B993-AD122BEFC9E2}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "outobox" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "outobox" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\outobox".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\outobox".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\outobox".

If Ad.Outobox uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.InfoTrigger

The following instructions have been created to help you to get rid of "Ad.InfoTrigger" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.InfoTrigger claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.infotrigger.net/Privacy

Links (be careful!):

: ttp://www.infotrigger.net/
: ttp://www.infotrigger.net/Download

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{513fd515-8786-4d45-8e8e-065f42ad6a66}.xpi".
  • The file at "<$PROGRAMFILES>\Info Trigger\bin\utilInfoTrigger.exe".
  • The file at "<$PROGRAMFILES>\Info Trigger\InfoTrigger.ico".
  • The file at "<$PROGRAMFILES>\Info Trigger\InfoTriggerBHO.dll".
  • The file at "<$PROGRAMFILES>\Info Trigger\updateInfoTrigger.exe".
  • The file at "<$PROGRAMFILES>\Info Trigger\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.InfoTrigger uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Info Trigger\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Info Trigger\bin".
  • The directory at "<$PROGRAMFILES>\Info Trigger".

Make sure you set your file manager to display hidden and system files. If Ad.InfoTrigger uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "infotrigger.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "InfoTrigger" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.InfoTrigger uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.DoughGo

The following instructions have been created to help you to get rid of "Ad.DoughGo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.DoughGo is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.doughgo.biz/Privacy

Links (be careful!):

: ttp://www.doughgo.biz
: ttp://wwwdoughgobiz-a.akamaihd.net/favicon.ico

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{735c7dda-e3b7-44f2-8521-a39cc0d289b2}.xpi".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BOAS.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGoBA.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGoBAApp.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\DoughGoBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BOAS.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.Bromon.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BroStats.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.BRT.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\plugins\DoughGo.Repmon.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\bin\utilDoughGo.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGo.Common.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGo.ico".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGoBHO.dll".
  • The file at "<$PROGRAMFILES>\DoughGo\DoughGouninstall.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\updateDoughGo.exe".
  • The file at "<$PROGRAMFILES>\DoughGo\updater.exe".
  • The file at "<$SYSDIR>\drivers\{735c7dda-e3b7-44f2-8521-a39cc0d289b2}w64.sys".

Make sure you set your file manager to display hidden and system files. If Ad.DoughGo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\DoughGo\bin\plugins".
  • The directory at "<$PROGRAMFILES>\DoughGo\bin".
  • The directory at "<$PROGRAMFILES>\DoughGo".

Make sure you set your file manager to display hidden and system files. If Ad.DoughGo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "DoughGo" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "DoughGo" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\DoughGo".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\DoughGo".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\DoughGo".

If Ad.DoughGo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SeekApp

The following instructions have been created to help you to get rid of "Ad.SeekApp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SeekApp installs program files and a browser extension in order to display advertising content.

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

  • Products that have a key or property named "Seekapp".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$COMMONAPPDATA>\Seekapp\seekapp132.exe".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome.manifest".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome\seekapp.jar".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\defaults\preferences\prefs.js".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\install.rdf".
  • The file at "<$PROGRAMFILES>\Mozilla Firefox\searchplugins\seekapp132.xml".
  • The file at "<$PROGRAMFILES>\Seekapp\readme.html".
  • The file at "<$PROGRAMFILES>\Seekapp\seekapp.dll".
  • The file at "<$PROGRAMFILES>\Seekapp\seekapp.exe".
  • The file at "<$PROGRAMFILES>\Seekapp\uninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SeekApp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$COMMONAPPDATA>\Seekapp".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\chrome".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\defaults\preferences".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}\defaults".
  • The directory at "<$PROGRAMFILES>\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}".
  • The directory at "<$PROGRAMFILES>\Seekapp".

Make sure you set your file manager to display hidden and system files. If Ad.SeekApp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Seekapp" at "HKEY_LOCAL_MACHINE\SOFTWARE".

If Ad.SeekApp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ViewPlay

The following instructions have been created to help you to get rid of "Ad.ViewPlay" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ViewPlay is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.viewplay.net/Privacy

Links (be careful!):

: ttp://www.viewplay.net
: ttp://wwwviewplaynet-a.akamaihd.net/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BOAS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Bromon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BroStats.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.BRT.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\plugins\ViewPlay.Repmon.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\utilViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOAS.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlay.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBA.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBAApp.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\bin\ViewPlayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updater.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\updateViewPlay.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.Common.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlay.ico".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayBHO.dll".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayFR.7z".
  • The file at "<$PROGRAMFILES>\ViewPlay\ViewPlayuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\ViewPlay\bin\plugins".
  • The directory at "<$PROGRAMFILES>\ViewPlay\bin".
  • The directory at "<$PROGRAMFILES>\ViewPlay".

Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{BB412D2C-F5A0-442B-8923-9109CE207B2A}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{DB2BC9D8-FE5A-4D34-9340-40054F0A44FE}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "viewplay.net" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\ViewPlay".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\ViewPlay".

If Ad.ViewPlay uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BeatTool

The following instructions have been created to help you to get rid of "Ad.BeatTool" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.BeatTool is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\BeatTool\BeatTool.Common.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatTool.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatTool.ico".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatToolBHO.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\BeatTooluninstall.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatTool.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatToolBA.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatToolBAApp.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\BeatToolBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.BRT.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\plugins\BeatTool.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BeatTool\bin\utilBeatTool.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\obbbnginlkhognibkekkopkfhjcelkio.crx".
  • The file at "<$PROGRAMFILES>\BeatTool\updateBeatTool.exe".
  • The file at "<$PROGRAMFILES>\BeatTool\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.BeatTool uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\obbbnginlkhognibkekkopkfhjcelkio\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\obbbnginlkhognibkekkopkfhjcelkio".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\obbbnginlkhognibkekkopkfhjcelkio".
  • The directory at "<$PROGRAMFILES>\BeatTool\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BeatTool\bin".
  • The directory at "<$PROGRAMFILES>\BeatTool".

Make sure you set your file manager to display hidden and system files. If Ad.BeatTool uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{6AEA7031-A51D-403C-A72F-FD30BEA99B5B}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{7B325B67-96F6-415B-9103-254F1A023232}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "BeatTool" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "BeatTool" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BeatTool" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update BeatTool" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update BeatTool" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BeatTool".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BeatTool".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BeatTool".

If Ad.BeatTool uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.DarkKomet

The following instructions have been created to help you to get rid of "Win32.DarkKomet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • trojan

Description:

Win32.DarkKomet is a Remote Access Tool which copies itself into the appdata directory and creates an autorun entry along with other registry changes.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "DarkComet RAT" and pointing to "*.exe*".
  • Entries named "DarkComet RAT" and pointing to "<$PERSONAL>\DCSCMIN\IMDCSC.exe".
  • Entries named "HKCU" and pointing to "<$SYSDIR>\Avira.exe".
  • Entries named "HKLM" and pointing to "<$SYSDIR>\Avira.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PERSONAL>\DCSCMIN\IMDCSC.exe".
  • The file at "<$SYSDIR>\Avira.exe".

Make sure you set your file manager to display hidden and system files. If Win32.DarkKomet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PERSONAL>\DCSCMIN".

Make sure you set your file manager to display hidden and system files. If Win32.DarkKomet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{775H8T7N-A5A6-W00C-Y08I-6P5Y2VU4N2M8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components".
  • Delete the registry value "NewIdentification" at "HKEY_CURRENT_USER\Software\Avira".
  • Delete the registry value "Policies" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run".
  • Delete the registry value "Policies" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run".
  • Remove "<$PERSONAL>\DCSCMIN\IMDCSC.exe" from registry value "Userinit" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".
  • Remove "<regexpr>[0-9//] — [0-9/:] " from registry value "FirstExecution" at "HKEY_CURRENT_USER\Software\Avira".

If Win32.DarkKomet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SwiftBrowse

The following instructions have been created to help you to get rid of "Ad.SwiftBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SwiftBrowse is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://swiftbrowse.net/Privacy

Links (be careful!):

: ttp://swiftbrowse.net
: ttp://swiftbrowse.net/Download

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALAPPDATA>\temp\swiftbrowse_s3.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.BRT.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\plugins\SwiftBrowse.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowse.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowseBA.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowseBAApp.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\SwiftBrowseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\bin\utilSwiftBrowse.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\jgapglgghagmhogfjkdlnnmbdfddeedb.crx".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowse.Common.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowse.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowse.ico".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowseBHO.dll".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowseOPC.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowseozr.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\SwiftBrowseuninstall.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\updater.exe".
  • The file at "<$PROGRAMFILES>\Swift Browse\updateSwiftBrowse.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SwiftBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Swift Browse\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Swift Browse\bin".
  • The directory at "<$PROGRAMFILES>\Swift Browse".

Make sure you set your file manager to display hidden and system files. If Ad.SwiftBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{47ADEAA5-2986-44B2-A914-5D8516E58443}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{79F2E347-1D36-4E2E-A676-76550A20D541}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{808dc83c-d35b-4fba-a5b5-9a52103204df}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{808dc83c-d35b-4fba-a5b5-9a52103204df}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "SwiftBrowse" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "SwiftBrowse" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update SwiftBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update SwiftBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update SwiftBrowse" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.SwiftBrowse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.RavingReyven

The following instructions have been created to help you to get rid of "Ad.RavingReyven" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.RavingReyven is a browser add-on that displays advertisements and sponsored links.

Links (be careful!):

: ttp://wwwravingreyvenm-a.akamaihd.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BOAS.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.Bromon.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BroStats.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BrowserFilter.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.BRT.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\plugins\ravingreyven.Repmon.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.BOAS.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyven.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyvenBA.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyvenBAApp.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\ravingreyvenBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\bin\utilravingreyven.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\ravingreyven.Common.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\ravingreyven.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\ravingreyven.ico".
  • The file at "<$PROGRAMFILES>\raving reyven\ravingreyvenBHO.dll".
  • The file at "<$PROGRAMFILES>\raving reyven\ravingreyvenuninstall.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\updater.exe".
  • The file at "<$PROGRAMFILES>\raving reyven\updateravingreyven.exe".

Make sure you set your file manager to display hidden and system files. If Ad.RavingReyven uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\raving reyven\bin\plugins".
  • The directory at "<$PROGRAMFILES>\raving reyven\bin".
  • The directory at "<$PROGRAMFILES>\raving reyven".

Make sure you set your file manager to display hidden and system files. If Ad.RavingReyven uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "raving reyven" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "raving reyven" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update raving reyven" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update raving reyven" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update raving reyven" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\raving reyven".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\raving reyven".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\raving reyven".

If Ad.RavingReyven uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.GrooveDock

The following instructions have been created to help you to get rid of "Ad.GrooveDock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.GrooveDock is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://groovedock.net/Privacy

Links (be careful!):

: ttp://groovedock.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.BOAS.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDock.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDockBA.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDockBAApp.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\GrooveDockBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.BOAS.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.Bromon.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.BroStats.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.BRT.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\plugins\GrooveDock.Repmon.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\bin\utilGrooveDock.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\GrooveDock.Common.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\GrooveDock.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\GrooveDock.ico".
  • The file at "<$PROGRAMFILES>\GrooveDock\GrooveDockBHO.dll".
  • The file at "<$PROGRAMFILES>\GrooveDock\GrooveDockuninstall.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\ldhpeopkenpbohbeaohdhfgkjjjijneb.crx".
  • The file at "<$PROGRAMFILES>\GrooveDock\updateGrooveDock.exe".
  • The file at "<$PROGRAMFILES>\GrooveDock\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.GrooveDock uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\ldhpeopkenpbohbeaohdhfgkjjjijneb\1.0.1_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Local Extension Settings\ldhpeopkenpbohbeaohdhfgkjjjijneb".
  • The directory at "<$PROGRAMFILES>\GrooveDock\bin\plugins".
  • The directory at "<$PROGRAMFILES>\GrooveDock\bin".
  • The directory at "<$PROGRAMFILES>\GrooveDock".

Make sure you set your file manager to display hidden and system files. If Ad.GrooveDock uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{2859a0e0-fe33-407f-80c2-8bef77bdb439}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{2859a0e0-fe33-407f-80c2-8bef77bdb439}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{C690CCD2-2A9F-4D22-A9F4-B78AF92091F9}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{F2779EC2-8DFB-4894-B850-E4665D16AB3B}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "GrooveDock" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "GrooveDock" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update GrooveDock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update GrooveDock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update GrooveDock" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\GrooveDock".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\GrooveDock".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\GrooveDock".

If Ad.GrooveDock uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.SizlSearch

The following instructions have been created to help you to get rid of "Ad.SizlSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.SizlSearch is a browser add-on that displays advertisements and sponsored links.

Links (be careful!):

: ttp://sizlsearch.net
: ttp://sizlsearch.net/Contact

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.BOAS.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.Bromon.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.BroStats.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.BRT.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\plugins\sizlsearch.Repmon.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.BOAS.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearch.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearchBA.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearchBAApp.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\sizlsearchBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\bin\utilsizlsearch.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\inglknhicnomibbnhdnhbkmncldebfcb.crx".
  • The file at "<$PROGRAMFILES>\sizlsearch\sizlsearch.Common.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\sizlsearch.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\sizlsearch.ico".
  • The file at "<$PROGRAMFILES>\sizlsearch\sizlsearchBHO.dll".
  • The file at "<$PROGRAMFILES>\sizlsearch\sizlsearchUn.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\sizlsearchuninstall.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\updater.exe".
  • The file at "<$PROGRAMFILES>\sizlsearch\updatesizlsearch.exe".

Make sure you set your file manager to display hidden and system files. If Ad.SizlSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsinglknhicnomibbnhdnhbkmncldebfcb1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsinglknhicnomibbnhdnhbkmncldebfcb".
  • The directory at "<$PROGRAMFILES>sizlsearchbinplugins".
  • The directory at "<$PROGRAMFILES>sizlsearchbin".
  • The directory at "<$PROGRAMFILES>sizlsearch".

Make sure you set your file manager to display hidden and system files. If Ad.SizlSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{15AE08DB-FBB7-4F64-9795-F14A1640F072}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{36d96925-abfa-4eb8-b630-305e905a930d}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{36d96925-abfa-4eb8-b630-305e905a930d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{AD36574C-B9D6-4579-A839-8EABE783778B}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "sizlsearch" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "sizlsearch" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update sizlsearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update sizlsearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update sizlsearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\sizlsearch".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\sizlsearch".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\sizlsearch".

If Ad.SizlSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Laflurla

The following instructions have been created to help you to get rid of "Ad.Laflurla" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Laflurla is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.laflurla.com/Privacy

Links (be careful!):

: ttp://www.laflurla.com/
: ttp://www.laflurla.com/Terms

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BOAS.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.ExpExt.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurlaBA.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurlaBAApp.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurlaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BOAS.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.Bromon.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BroStats.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BRT.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.DspSvc.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.ExpExt.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.FeSvc.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.OfSvc.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.Repmon.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinutilLaflurla.exe".
  • The file at "<$PROGRAMFILES>Laflurlafkmpjkomnpflaenmiccjmbkaapicalje.crx".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.Common.dll".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.FirstRun.exe".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.ico".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.xml".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurlaBHO.dll".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurlauninstall.exe".
  • The file at "<$PROGRAMFILES>LaflurlaupdateLaflurla.exe".
  • The file at "<$PROGRAMFILES>Laflurlaupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Laflurla uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsfkmpjkomnpflaenmiccjmbkaapicalje1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsfkmpjkomnpflaenmiccjmbkaapicalje".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsfkmpjkomnpflaenmiccjmbkaapicalje".
  • The directory at "<$PROGRAMFILES>Laflurlabinplugins".
  • The directory at "<$PROGRAMFILES>Laflurlabin".
  • The directory at "<$PROGRAMFILES>Laflurla".

Make sure you set your file manager to display hidden and system files. If Ad.Laflurla uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{50A6B23F-0055-41B7-AF2D-6689B24022A0}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{b4a89cd3-c5f5-49c4-abcf-5f26d636476f}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{b4a89cd3-c5f5-49c4-abcf-5f26d636476f}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{F1EC172A-3FEC-4FEF-A218-13F15E1B8C8D}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\Laflurla".
  • Delete the registry key "laflurla.com" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "Laflurla" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Laflurla" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Laflurla" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Laflurla" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Laflurla" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Laflurla".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Laflurla".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Laflurla".

If Ad.Laflurla uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for PU.PassFinder

The following instructions have been created to help you to get rid of "PU.PassFinder" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • pups

Description:

PU.PassFinder offers to install a Pass Finder or Pass Revelator application. In order to install this software a user has to purchase a code via SMS payment.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$LOCALSETTINGS>TempInfoTrig.exe".
  • The file at "<$LOCALSETTINGS>TempInfoTriggerSetup.exe".

Make sure you set your file manager to display hidden and system files. If PU.PassFinder uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Utilocean

The following instructions have been created to help you to get rid of "Ad.Utilocean" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.Utilocean installs adware files of Korean origin into the program files directory. The ‘Utilocean’ autostart entry ensures restarting of this adware on every reboot.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "UtilOcean" and pointing to "<$PROGRAMFILES>Utilocean*.exe".
  • Entries named "UtilOcean" and pointing to "<$PROGRAMFILES>Utiloceanutiloceanup.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>UtiloceanUninstall.exe".
  • The file at "<$PROGRAMFILES>UtiloceanUninstall.ini".
  • The file at "<$PROGRAMFILES>Utiloceanutiloceandn.exe".
  • The file at "<$PROGRAMFILES>Utiloceanutiloceanup.exe".
  • The file at "<$WINDIR>fileupinst.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Utilocean uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>Utilocean".

Make sure you set your file manager to display hidden and system files. If Ad.Utilocean uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "utilocean" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Utilocean" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "utiloceancc" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion".

If Ad.Utilocean uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.ProductivityPro

The following instructions have been created to help you to get rid of "Ad.ProductivityPro" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.ProductivityPro is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>productivitypro562B20E1-AA3B-4E6F-B1E4-129A1E115D4C.dll".
  • The file at "<$PROGRAMFILES>productivitypro7za.exe".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BOAS.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.Bromon.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BroStats.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BRT.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.DspSvc.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.ExpExt.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.FeSvc.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.OfSvc.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.Repmon.dll".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BOAS.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.ExpExt.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivityproBA.dll".
  • The file at "<$PROGRAMFILES>productivityprobinproductivityproBAApp.dll".
  • The file at "<$PROGRAMFILES>productivityprobinproductivityproBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>productivityprobinutilproductivitypro.exe".
  • The file at "<$PROGRAMFILES>productivityproproductivitypro.Common.dll".
  • The file at "<$PROGRAMFILES>productivityproproductivitypro.FirstRun.exe".
  • The file at "<$PROGRAMFILES>productivityproproductivitypro.ico".
  • The file at "<$PROGRAMFILES>productivityproproductivityproBHO.dll".
  • The file at "<$PROGRAMFILES>productivityproproductivityproUninstall.exe".
  • The file at "<$PROGRAMFILES>productivityproupdateproductivitypro.exe".
  • The file at "<$PROGRAMFILES>productivityproupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.ProductivityPro uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>productivityprobinplugins".
  • The directory at "<$PROGRAMFILES>productivityprobin".
  • The directory at "<$PROGRAMFILES>productivitypro".

Make sure you set your file manager to display hidden and system files. If Ad.ProductivityPro uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{8a2c5e13-0350-4a01-aa66-9343849cff79}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{8a2c5e13-0350-4a01-aa66-9343849cff79}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{8C28EFEC-318A-4BDA-B8FB-95243BB5AC17}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{B770C4CE-9263-4066-8E83-46B1A2965427}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\productivitypro".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\productivitypro".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\productivitypro".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\productivitypro".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\productivitypro".
  • Delete the registry key "productivitypro" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "productivitypro" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "productivitypro" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Update productivitypro" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update productivitypro" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update productivitypro" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\productivitypro".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\productivitypro".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\productivitypro".

If Ad.ProductivityPro uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.PigSearch

The following instructions have been created to help you to get rid of "Ad.PigSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.PigSearch installs into the program files directory and provides search data to Chinese servers in order to display advertising.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

  • Entries named "MoveSearch" and pointing to "<$PROGRAMFILES>wsearchSearch.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>wsearch_uninstall".
  • The file at "<$PROGRAMFILES>wsearchallverx.dat".
  • The file at "<$PROGRAMFILES>wsearchMouse1.dll".
  • The file at "<$PROGRAMFILES>wsearchmUninstall.exe".
  • The file at "<$PROGRAMFILES>wsearchmupdate.exe".
  • The file at "<$PROGRAMFILES>wsearchSearch.exe".
  • The file at "<$PROGRAMFILES>wsearchSearchM.dll".

Make sure you set your file manager to display hidden and system files. If Ad.PigSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>wsearch".

Make sure you set your file manager to display hidden and system files. If Ad.PigSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • A key in HKEY_CLASSES_ROOT named "SearchM.Com.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "SearchM.Com", plus associated values.
  • Delete the registry key "{594BE7B2-23B0-4FAE-A2B9-0C21CC1417CE}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{A07E6B9B-BB30-4381-A9D8-FABB0648BCEF}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{C5CE084B-31E0-4B34-A33A-82B4EA913CF8}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "Pig Move Search" at "HKEY_CURRENT_USER\Software".

If Ad.PigSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Norpalla

The following instructions have been created to help you to get rid of "Ad.Norpalla" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Norpalla claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://wwwnorpallacom-a.akamaihd.net/Privacy

Links (be careful!):

: ttp://www.norpalla.com
: ttp://www.norpalla.com/favicon.ico
: ttp://wwwnorpallacom-a.akamaihd.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BOAS.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.ExpExt.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpallaBA.dll".
  • The file at "<$PROGRAMFILES>NorpallabinNorpallaBAApp.dll".
  • The file at "<$PROGRAMFILES>NorpallabinNorpallaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BOAS.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.Bromon.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BroStats.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BRT.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.DspSvc.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.ExpExt.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.FeSvc.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.OfSvc.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.Repmon.dll".
  • The file at "<$PROGRAMFILES>NorpallabinutilNorpalla.exe".
  • The file at "<$PROGRAMFILES>NorpallaNorpalla.Common.dll".
  • The file at "<$PROGRAMFILES>NorpallaNorpalla.FirstRun.exe".
  • The file at "<$PROGRAMFILES>NorpallaNorpalla.ico".
  • The file at "<$PROGRAMFILES>NorpallaNorpallaBHO.dll".
  • The file at "<$PROGRAMFILES>NorpallaNorpallauninstall.exe".
  • The file at "<$PROGRAMFILES>NorpallaupdateNorpalla.exe".
  • The file at "<$PROGRAMFILES>Norpallaupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Norpalla uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>Norpallabinplugins".
  • The directory at "<$PROGRAMFILES>Norpallabin".
  • The directory at "<$PROGRAMFILES>Norpalla".

Make sure you set your file manager to display hidden and system files. If Ad.Norpalla uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Norpalla" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Norpalla" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Norpalla" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Norpalla" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Norpalla" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.Norpalla uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Zebar

The following instructions have been created to help you to get rid of "Ad.Zebar" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Zebar is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.metalzebar.com/Privacy

Links (be careful!):

: ttp://www.metalzebar.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.BRT.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\plugins\Zebar.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\utilZebar.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\Zebar.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Zebar\bin\ZebarBA.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\ZebarBAApp.dll".
  • The file at "<$PROGRAMFILES>\Zebar\bin\ZebarBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Zebar\updater.exe".
  • The file at "<$PROGRAMFILES>\Zebar\updateZebar.exe".
  • The file at "<$PROGRAMFILES>\Zebar\Zebar.Common.dll".
  • The file at "<$PROGRAMFILES>\Zebar\Zebar.exe".
  • The file at "<$PROGRAMFILES>\Zebar\Zebar.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Zebar\Zebar.ico".
  • The file at "<$PROGRAMFILES>\Zebar\ZebarBHO.dll".
  • The file at "<$PROGRAMFILES>\Zebar\Zebaruninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Zebar uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Zebar\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Zebar\bin".
  • The directory at "<$PROGRAMFILES>\Zebar".

Make sure you set your file manager to display hidden and system files. If Ad.Zebar uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "metalzebar.com" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage".
  • Delete the registry key "Update Zebar" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Zebar" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Zebar" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Zebar" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Zebar" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".

If Ad.Zebar uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.Yulasee

The following instructions have been created to help you to get rid of "Ad.Yulasee" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.Yulasee claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\plugins\Yulasee.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\utilYulasee.exe".
  • The file at "<$PROGRAMFILES>\Yula\bin\Yulasee.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Yula\bin\Yulasee.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Yula\bin\Yulasee.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Yula\bin\YulaseeBA.dll".
  • The file at "<$PROGRAMFILES>\Yula\bin\YulaseeBAApp.dll".
  • The file at "<$PROGRAMFILES>\Yula\updater.exe".
  • The file at "<$PROGRAMFILES>\Yula\updateYulasee.exe".
  • The file at "<$PROGRAMFILES>\Yula\Yulasee.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Yula\Yulasee.ico".
  • The file at "<$PROGRAMFILES>\Yula\Yulaseebho.dll".
  • The file at "<$PROGRAMFILES>\Yula\Yulaseeuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Yulasee uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Yula\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Yula\bin".
  • The directory at "<$PROGRAMFILES>\Yula".

Make sure you set your file manager to display hidden and system files. If Ad.Yulasee uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{9df76084-393c-4ad9-99b5-79e0a157895d}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{9df76084-393c-4ad9-99b5-79e0a157895d}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Update Yula" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Yula" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Yula" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Yula" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Yula" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Yula" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry value "drp" at "HKEY_LOCAL_MACHINE\SOFTWARE\Yula".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Yula".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Yula".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Yula".

If Ad.Yulasee uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebGet

The following instructions have been created to help you to get rid of "Ad.WebGet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.WebGet is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\webget\bin\plugins\webget.Bromon.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\plugins\webget.BroStats.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\plugins\webget.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\plugins\webget.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\plugins\webget.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\plugins\webget.Repmon.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\utilwebget.exe".
  • The file at "<$PROGRAMFILES>\webget\bin\webget.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\webget\bin\webget.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\webget\bin\webget.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\webget\bin\webgetBA.dll".
  • The file at "<$PROGRAMFILES>\webget\bin\webgetBAApp.dll".
  • The file at "<$PROGRAMFILES>\webget\updatewebget.exe".
  • The file at "<$PROGRAMFILES>\webget\webget.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\webget\webget.ico".
  • The file at "<$PROGRAMFILES>\webget\webgetbho.dll".
  • The file at "<$PROGRAMFILES>\webget\webgetuninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WebGet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\webget\bin\plugins".
  • The directory at "<$PROGRAMFILES>\webget\bin".
  • The directory at "<$PROGRAMFILES>\webget".

Make sure you set your file manager to display hidden and system files. If Ad.WebGet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{0a4aa078-e14f-4459-901a-d5f6acb22dd6}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{14f95421-c981-4820-954e-d83c8537f54c}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{14f95421-c981-4820-954e-d83c8537f54c}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{c55f8204-eff9-4ea1-b541-49253667eb29}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{dc264a72-fa75-4948-b881-ea8eff8e5dd2}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{dc264a72-fa75-4948-b881-ea8eff8e5dd2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Update webget" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update webget" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update webget" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "webget" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "webget" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\webget".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\webget".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\webget".

If Ad.WebGet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.WebFrog

The following instructions have been created to help you to get rid of "Ad.WebFrog" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.WebFrog is a browser add-on that displays advertisements and sponsored links.

Privacy Statement:

http://www.webfrog.co/Privacy

Links (be careful!):

: ttp://www.webfrog.co
: ttp://wwwwebfrogco-a.akamaihd.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.BRT.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\plugins\WebFrog.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\utilWebFrog.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrog.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBA.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBAApp.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\bin\WebFrogBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\firefox@webfrog.co.xpi".
  • The file at "<$PROGRAMFILES>\Web Frog\updater.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\updateWebFrog.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.Common.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrog.ico".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFrogBHO.dll".
  • The file at "<$PROGRAMFILES>\Web Frog\WebFroguninstall.exe".

Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\Web Frog\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Web Frog\bin".
  • The directory at "<$PROGRAMFILES>\Web Frog".

Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{08F912CE-C6DF-4557-99E3-90FDE95EB1A5}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{2840C6AA-D471-468E-98F7-C316A1E444EB}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".
  • Delete the registry key "Web Frog" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINE\SOFTWARE".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\Web Frog".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINE\SOFTWARE\Web Frog".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\Web Frog".

If Ad.WebFrog uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.GreenerWeb

The following instructions have been created to help you to get rid of "Ad.GreenerWeb" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.GreenerWeb is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\Greener Web\bin\{a3f28269-ad17-41a8-b032-3e0313ef8979}.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\{a3f28269-ad17-41a8-b032-3e0313ef8979}64.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWeb.BOAS.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWeb.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWeb.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWeb.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWeb.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWeb.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWebBA.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\GreenerWebBAApp.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\DizzyDing.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.BOAS.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.Bromon.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.BroStats.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\plugins\GreenerWeb.Repmon.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\bin\utilGreenerWeb.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\GreenerWeb.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\GreenerWeb.ico".
  • The file at "<$PROGRAMFILES>\Greener Web\GreenerWebbho.dll".
  • The file at "<$PROGRAMFILES>\Greener Web\GreenerWebUn.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\GreenerWebuninstall.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\updateGreenerWeb.exe".
  • The file at "<$PROGRAMFILES>\Greener Web\updater.exe".
  • The file at "<$SYSDIR>\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}gt.sys".

Make sure you set your file manager to display hidden and system files. If Ad.GreenerWeb uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$LOCALSETTINGS>\Temp\Greener Web".
  • The directory at "<$PROGRAMFILES>\Greener Web\bin\plugins".
  • The directory at "<$PROGRAMFILES>\Greener Web\bin".
  • The directory at "<$PROGRAMFILES>\Greener Web".

Make sure you set your file manager to display hidden and system files. If Ad.GreenerWeb uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1973d53b-7311-45d7-8270-f44571c041a0}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{1973d53b-7311-45d7-8270-f44571c041a0}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "{3a1beabe-0dc5-4615-8099-83973b843c06}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}" at "HKEY_CLASSES_ROOT\Interface".
  • Delete the registry key "Greener Web" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "Greener Web" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update Greener Web" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update Greener Web" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update Greener Web" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.GreenerWeb uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.GooterNet

The following instructions have been created to help you to get rid of "Ad.GooterNet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware

Description:

Ad.GooterNet is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.BOAS.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternet.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternetBA.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\gooternetBAApp.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.BOAS.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.Bromon.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.BroStats.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.BRT.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\plugins\gooternet.Repmon.dll".
  • The file at "<$PROGRAMFILES>\gooternet\bin\utilgooternet.exe".
  • The file at "<$PROGRAMFILES>\gooternet\gooternet.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\gooternet\gooternet.ico".
  • The file at "<$PROGRAMFILES>\gooternet\gooternetBHO.dll".
  • The file at "<$PROGRAMFILES>\gooternet\gooternetuninstall.exe".
  • The file at "<$PROGRAMFILES>\gooternet\updategooternet.exe".
  • The file at "<$PROGRAMFILES>\gooternet\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.GooterNet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\gooternet\bin\plugins".
  • The directory at "<$PROGRAMFILES>\gooternet\bin".
  • The directory at "<$PROGRAMFILES>\gooternet".

Make sure you set your file manager to display hidden and system files. If Ad.GooterNet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1e6ade05-77b7-43c7-84c8-f1562fff907b}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{9be122ba-2b3a-41fd-acf8-7a39b18d3ffe}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{9be122ba-2b3a-41fd-acf8-7a39b18d3ffe}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "gooternet" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "gooternet" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update gooternet" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update gooternet" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update gooternet" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.GooterNet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.DizzyDing

The following instructions have been created to help you to get rid of "Ad.DizzyDing" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware

Description:

Ad.DizzyDing is a browser add-on that displays advertisements and sponsored links.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.BOAS.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDing.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDingBA.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\DizzyDingBAApp.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.BOAS.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.Bromon.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.BroStats.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\plugins\DizzyDing.Repmon.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\bin\utilDizzyDing.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\DizzyDing.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\DizzyDing.ico".
  • The file at "<$PROGRAMFILES>\DizzyDing\DizzyDingbho.dll".
  • The file at "<$PROGRAMFILES>\DizzyDing\DizzyDingUn.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\DizzyDinguninstall.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\updateDizzyDing.exe".
  • The file at "<$PROGRAMFILES>\DizzyDing\updater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.DizzyDing uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>\DizzyDing\bin\plugins".
  • The directory at "<$PROGRAMFILES>\DizzyDing\bin".
  • The directory at "<$PROGRAMFILES>\DizzyDing".

Make sure you set your file manager to display hidden and system files. If Ad.DizzyDing uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{93db87b6-a253-470a-bbc6-81b8213ca42a}" at "HKEY_CLASSES_ROOT\TypeLib".
  • Delete the registry key "{b57f3d1b-2f97-4686-b2dd-f2bc1ac645e2}" at "HKEY_CLASSES_ROOT\CLSID".
  • Delete the registry key "{b57f3d1b-2f97-4686-b2dd-f2bc1ac645e2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects".
  • Delete the registry key "DizzyDing" at "HKEY_CURRENT_USER\Software".
  • Delete the registry key "DizzyDing" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update DizzyDing" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services".
  • Delete the registry key "Update DizzyDing" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services".
  • Delete the registry key "Update DizzyDing" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services".

If Ad.DizzyDing uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Ad.BuzzIt

The following instructions have been created to help you to get rid of "Ad.BuzzIt" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

Threat Details:

Categories:

  • adware

Description:

Ad.BuzzIt creates a ‘Buzz-it’, ‘