Manual Removal Guide for Ad.WebSparkle

The following instructions have been created to help you to get rid of "Ad.WebSparkle" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.WebSparkle claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://websparkle.biz/Privacy
Links (be careful!):
: ttp://websparkle.biz
: ttp://www.websparkle.biz
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "firefox@websparkle.biz.xpi".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.BOAS.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.Bromon.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.BroStats.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.BRT.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.DspSvc.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.ExpExt.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.FeSvc.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.OfSvc.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinpluginsWebSparkle.Repmon.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinutilWebSparkle.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.BOAS.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.ExpExt.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkle.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkleBA.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkleBAApp.dll".
  • The file at "<$PROGRAMFILES>WebSparklebinWebSparkleBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>WebSparkleikgojpdbiniccokkgadmdheobjfdbbcg.crx".
  • The file at "<$PROGRAMFILES>WebSparkleupdater.exe".
  • The file at "<$PROGRAMFILES>WebSparkleupdateWebSparkle.exe".
  • The file at "<$PROGRAMFILES>WebSparkleWebSparkle.Common.dll".
  • The file at "<$PROGRAMFILES>WebSparkleWebSparkle.FirstRun.exe".
  • The file at "<$PROGRAMFILES>WebSparkleWebSparkle.ico".
  • The file at "<$PROGRAMFILES>WebSparkleWebSparkleBHO.dll".
  • The file at "<$PROGRAMFILES>WebSparkleWebSparkleuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.WebSparkle uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsikgojpdbiniccokkgadmdheobjfdbbcg1.0.0_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsikgojpdbiniccokkgadmdheobjfdbbcg".
  • The directory at "<$PROGRAMFILES>WebSparklebinplugins".
  • The directory at "<$PROGRAMFILES>WebSparklebin".
  • The directory at "<$PROGRAMFILES>WebSparkle".
Make sure you set your file manager to display hidden and system files. If Ad.WebSparkle uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{6832C453-2F06-4A9F-9080-5DDECF242856}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{6935FA3E-0771-4B2F-A668-8C9CC50A7C90}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{9f56bab3-2739-40ed-a8d0-1451657a9742}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9f56bab3-2739-40ed-a8d0-1451657a9742}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update WebSparkle" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "WebSparkle" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "WebSparkle" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareWebSparkle".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareWebSparkle".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareWebSparkle".
If Ad.WebSparkle uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.SerialTrunc

The following instructions have been created to help you to get rid of "Ad.SerialTrunc" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.SerialTrunc claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://www.serialtrunc.com/Privacy
Links (be careful!):
: ttp://serialtrunc.com
: ttp://www.serialtrunc.com
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{47351c22-0d6c-4658-a617-795d251145e2}.xpi".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.BOAS.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.Bromon.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.BroStats.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.BRT.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.DspSvc.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.ExpExt.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.FeSvc.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.OfSvc.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinpluginsSerialTrunc.Repmon.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.BOAS.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.ExpExt.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTrunc.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTruncBA.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTruncBAApp.dll".
  • The file at "<$PROGRAMFILES>SerialTruncbinSerialTruncBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>SerialTruncbinutilSerialTrunc.exe".
  • The file at "<$PROGRAMFILES>SerialTruncokbdcdmpkkncigegdkhhhamjblgjbfja.crx".
  • The file at "<$PROGRAMFILES>SerialTruncSerialTrunc.Common.dll".
  • The file at "<$PROGRAMFILES>SerialTruncSerialTrunc.FirstRun.exe".
  • The file at "<$PROGRAMFILES>SerialTruncSerialTrunc.ico".
  • The file at "<$PROGRAMFILES>SerialTruncSerialTruncBHO.dll".
  • The file at "<$PROGRAMFILES>SerialTruncSerialTruncUninstall.exe".
  • The file at "<$PROGRAMFILES>SerialTruncupdater.exe".
  • The file at "<$PROGRAMFILES>SerialTruncupdateSerialTrunc.exe".
Make sure you set your file manager to display hidden and system files. If Ad.SerialTrunc uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsokbdcdmpkkncigegdkhhhamjblgjbfja1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsokbdcdmpkkncigegdkhhhamjblgjbfja".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsokbdcdmpkkncigegdkhhhamjblgjbfja".
  • The directory at "<$PROGRAMFILES>SerialTruncbinplugins".
  • The directory at "<$PROGRAMFILES>SerialTruncbin".
  • The directory at "<$PROGRAMFILES>SerialTrunc".
Make sure you set your file manager to display hidden and system files. If Ad.SerialTrunc uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{033A4BE2-42B1-4ACB-A69F-D362922136F0}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{3D1E2CA3-890D-4528-B816-2216F0E16E27}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{6BA82436-C754-4B49-B6AD-075AFA9FC625}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{8F3B5A2D-2D9B-454E-9EE5-20CE1532E9CD}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{e76b4f24-4a2f-4e65-ad36-e2aa934e547c}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{e93a89a5-325d-4ef5-809d-819f657f498e}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{e93a89a5-325d-4ef5-809d-819f657f498e}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINESOFTWARESerialTrunc".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USERSoftwareSerialTrunc".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINESOFTWARESerialTrunc".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareSerialTrunc".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINESOFTWARESerialTrunc".
  • Delete the registry key "SerialTrunc" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "SerialTrunc" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "SerialTrunc" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update SerialTrunc" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.SerialTrunc uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.BlindBat

The following instructions have been created to help you to get rid of "Ad.BlindBat" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.BlindBat claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.BOAS.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.ExpExt.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbat.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>blindbatbinblindbatBA.dll".
  • The file at "<$PROGRAMFILES>blindbatbinblindbatBAApp.dll".
  • The file at "<$PROGRAMFILES>blindbatbinblindbatBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.BOAS.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.Bromon.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.BroStats.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.BRT.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.DspSvc.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.ExpExt.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.FeSvc.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.OfSvc.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>blindbatbinpluginsblindbat.Repmon.dll".
  • The file at "<$PROGRAMFILES>blindbatbinutilblindbat.exe".
  • The file at "<$PROGRAMFILES>blindbatblindbat.Common.dll".
  • The file at "<$PROGRAMFILES>blindbatblindbat.FirstRun.exe".
  • The file at "<$PROGRAMFILES>blindbatblindbat.ico".
  • The file at "<$PROGRAMFILES>blindbatblindbatBHO.dll".
  • The file at "<$PROGRAMFILES>blindbatblindbatuninstall.exe".
  • The file at "<$PROGRAMFILES>blindbatupdateblindbat.exe".
  • The file at "<$PROGRAMFILES>blindbatupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.BlindBat uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>blindbatbinplugins".
  • The directory at "<$PROGRAMFILES>blindbatbin".
  • The directory at "<$PROGRAMFILES>blindbat".
Make sure you set your file manager to display hidden and system files. If Ad.BlindBat uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{A653C2BF-2527-4CA5-B18E-CF0199205274}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{a7283e35-7d50-43f7-b698-b29f6b5fe256}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{a7283e35-7d50-43f7-b698-b29f6b5fe256}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{cb1efc96-b4ad-4a33-b6fe-7f7bf4039d0a}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "blindbat" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "blindbat" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update blindbat" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.BlindBat uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Fraud.WinIFixer

The following instructions have been created to help you to get rid of "Fraud.WinIFixer" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • malware
  • rogue

Description:
Fraud.WinIFixer is a rogue anti spyware program. It shows legitimate registry entries as security threats and urges the user through annoying pop-ups to buy the fraudulent application.
Removal Instructions:

Quicklaunch area:

Please remove the following items from your start quick launch area text to the "Start" button in the taskbar at the bottom.
To check where they are pointing to, right-click them and choose "Properties" from the context menu appearing.
  • Quicklaunch symbols named "WinIFixer.lnk" and pointing to "<$PROGRAMFILES>WinIFixerWinIFixer.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "WinIFixer" and pointing to "<$PROGRAMFILES>WinIFixerWinIFixer.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "WinIFixer".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$COMMONDESKTOP>WinIFixer.lnk".
  • The file at "<$COMMONPROGRAMS>WinIFixer.lnk".
  • The file at "<$PROGRAMFILES>WinIFixerdatabase.dat".
  • The file at "<$PROGRAMFILES>WinIFixerlicense.txt".
  • The file at "<$PROGRAMFILES>WinIFixerUninstall.exe".
  • The file at "<$PROGRAMFILES>WinIFixerWinIFixer.exe".
  • The file at "<$PROGRAMFILES>WinIFixerWinIFixerSkin.dll".
Make sure you set your file manager to display hidden and system files. If Fraud.WinIFixer uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorunHKCURunOnce".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorunHKCU".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorunHKLMRunOnce".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorunHKLM".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorunStartMenuAllUsers".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorunStartMenuCurrentUser".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineAutorun".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantineBrowserObjects".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantinePackages".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixerQuarantine".
  • The directory at "<$APPDATA>WinIFixer.comWinIFixer".
  • The directory at "<$APPDATA>WinIFixer".
  • The directory at "<$COMMONPROGRAMS>WinIFixer".
  • The directory at "<$PROGRAMFILES>WinIFixer".
Make sure you set your file manager to display hidden and system files. If Fraud.WinIFixer uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "WinIFixer.com" at "HKEY_LOCAL_MACHINESOFTWARE".
If Fraud.WinIFixer uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Fraud.MalwarePatrolPRO

The following instructions have been created to help you to get rid of "Fraud.MalwarePatrolPRO" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • malware
  • rogue

Description:
Fraud.MalwarePatrolPRO is a rogue anti spyware program. It shows legitimate registry entries as security threats and urges the user through annoying pop-ups to buy the fraudulent application.
Removal Instructions:

Quicklaunch area:

Please remove the following items from your start quick launch area text to the "Start" button in the taskbar at the bottom.
To check where they are pointing to, right-click them and choose "Properties" from the context menu appearing.
  • Quicklaunch symbols named "MPatrolPRO.lnk" and pointing to "<$PROGRAMFILES>MPatrolPROMPatrolPRO.exe".

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "MPatrolPRO" and pointing to "<$PROGRAMFILES>MPatrolPROMPatrolPRO.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "MPatrolPRO".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$COMMONDESKTOP>MPatrolPRO.lnk".
  • The file at "<$COMMONPROGRAMS>Malware Patrol PRO.lnk".
  • The file at "<$PROGRAMFILES>MPatrolPROdatabase.dat".
  • The file at "<$PROGRAMFILES>MPatrolPROlicense.txt".
  • The file at "<$PROGRAMFILES>MPatrolPROMPatrolPRO.exe".
  • The file at "<$PROGRAMFILES>MPatrolPROMPatrolPROSkin.dll".
  • The file at "<$PROGRAMFILES>MPatrolPROUninstall.exe".
Make sure you set your file manager to display hidden and system files. If Fraud.MalwarePatrolPRO uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorunHKCURunOnce".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorunHKCU".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorunHKLMRunOnce".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorunHKLM".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorunStartMenuAllUsers".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorunStartMenuCurrentUser".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineAutorun".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantineBrowserObjects".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantinePackages".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPROQuarantine".
  • The directory at "<$APPDATA>MPatrolPROMPatrolPRO".
  • The directory at "<$APPDATA>MPatrolPRO".
  • The directory at "<$COMMONPROGRAMS>Malware Patrol PRO".
  • The directory at "<$PROGRAMFILES>MPatrolPRO".
Make sure you set your file manager to display hidden and system files. If Fraud.MalwarePatrolPRO uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "MPatrolPRO" at "HKEY_LOCAL_MACHINESOFTWARE".
If Fraud.MalwarePatrolPRO uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.PursuePoint

The following instructions have been created to help you to get rid of "Ad.PursuePoint" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.PursuePoint claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://pursuepoint.com/Privacy
Links (be careful!):
: ttp://pursuepoint.com/
: ttp://www.pursuepoint.com/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.BOAS.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.Bromon.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.BroStats.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.BRT.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.DspSvc.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.ExpExt.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.FeSvc.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.OfSvc.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinpluginsPursuePoint.Repmon.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.BOAS.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.ExpExt.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePoint.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePointBA.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePointBAApp.dll".
  • The file at "<$PROGRAMFILES>PursuePointbinPursuePointBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>PursuePointbinutilPursuePoint.exe".
  • The file at "<$PROGRAMFILES>PursuePointPursuePoint.Common.dll".
  • The file at "<$PROGRAMFILES>PursuePointPursuePoint.FirstRun.exe".
  • The file at "<$PROGRAMFILES>PursuePointPursuePoint.ico".
  • The file at "<$PROGRAMFILES>PursuePointPursuePointBHO.dll".
  • The file at "<$PROGRAMFILES>PursuePointPursuePointuninstall.exe".
  • The file at "<$PROGRAMFILES>PursuePointupdatePursuePoint.exe".
  • The file at "<$PROGRAMFILES>PursuePointupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.PursuePoint uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>PursuePointbinplugins".
  • The directory at "<$PROGRAMFILES>PursuePointbin".
  • The directory at "<$PROGRAMFILES>PursuePoint".
Make sure you set your file manager to display hidden and system files. If Ad.PursuePoint uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{3C34D780-67A3-4E14-9001-5D9E4CE42F48}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{8A849661-DFEC-4C8F-ACF6-5DEA14ABDAB3}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{e1578e0c-7554-4980-a160-d0f4f7d8af47}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{e1578e0c-7554-4980-a160-d0f4f7d8af47}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "PursuePoint" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "PursuePoint" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update PursuePoint" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.PursuePoint uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.GearScroll

The following instructions have been created to help you to get rid of "Ad.GearScroll" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.GearScroll claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://www.gearscroll.net/Privacy
Links (be careful!):
: ttp://gearscroll.net/
: ttp://www.gearscroll.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{3a97dd70-72bb-46f4-8870-7194ab32b8fe}.xpi".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.BOAS.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.ExpExt.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScroll.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScrollBA.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScrollBAApp.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinGearScrollBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.BOAS.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.Bromon.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.BroStats.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.BRT.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.DspSvc.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.ExpExt.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.FeSvc.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.OfSvc.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinpluginsGearScroll.Repmon.dll".
  • The file at "<$PROGRAMFILES>GearScrollbinutilGearScroll.exe".
  • The file at "<$PROGRAMFILES>GearScrollGearScroll.Common.dll".
  • The file at "<$PROGRAMFILES>GearScrollGearScroll.FirstRun.exe".
  • The file at "<$PROGRAMFILES>GearScrollGearScroll.ico".
  • The file at "<$PROGRAMFILES>GearScrollGearScrollBHO.dll".
  • The file at "<$PROGRAMFILES>GearScrollGearScrolluninstall.exe".
  • The file at "<$PROGRAMFILES>GearScrollupdateGearScroll.exe".
  • The file at "<$PROGRAMFILES>GearScrollupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.GearScroll uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>GearScrollbinplugins".
  • The directory at "<$PROGRAMFILES>GearScrollbin".
  • The directory at "<$PROGRAMFILES>GearScroll".
Make sure you set your file manager to display hidden and system files. If Ad.GearScroll uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "gearscroll.net" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "GearScroll" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "GearScroll" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "GearScroll" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update GearScroll" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareGearScroll".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareGearScroll".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINESOFTWAREGearScroll".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareGearScroll".
If Ad.GearScroll uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Albrechto

The following instructions have been created to help you to get rid of "Ad.Albrechto" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.Albrechto claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://www.albrechto.co/Privacy
Links (be careful!):
: ttp://albrechto.co
: ttp://www.albrechto.co
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>albrechtoalbrechto.Common.dll".
  • The file at "<$PROGRAMFILES>albrechtoalbrechto.FirstRun.exe".
  • The file at "<$PROGRAMFILES>albrechtoalbrechto.ico".
  • The file at "<$PROGRAMFILES>albrechtoalbrechtoBHO.dll".
  • The file at "<$PROGRAMFILES>albrechtoalbrechtouninstall.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.BOAS.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.ExpExt.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechto.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechtoBA.dll".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechtoBAApp.dll".
  • The file at "<$PROGRAMFILES>albrechtobinalbrechtoBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.BOAS.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.Bromon.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.BroStats.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.BRT.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.DspSvc.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.ExpExt.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.FeSvc.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.OfSvc.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>albrechtobinpluginsalbrechto.Repmon.dll".
  • The file at "<$PROGRAMFILES>albrechtobinutilalbrechto.exe".
  • The file at "<$PROGRAMFILES>albrechtonkopijddpkmggacdghppacglggodkcod.crx".
  • The file at "<$PROGRAMFILES>albrechtoupdatealbrechto.exe".
  • The file at "<$PROGRAMFILES>albrechtoupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Albrechto uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsnkopijddpkmggacdghppacglggodkcod1.0.0_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsnkopijddpkmggacdghppacglggodkcod".
  • The directory at "<$PROGRAMFILES>albrechtobinplugins".
  • The directory at "<$PROGRAMFILES>albrechtobin".
  • The directory at "<$PROGRAMFILES>albrechto".
Make sure you set your file manager to display hidden and system files. If Ad.Albrechto uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{1881a451-f7fb-44bc-85b2-fcea4b1403e3}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{1881a451-f7fb-44bc-85b2-fcea4b1403e3}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{33245300-D6A0-4F27-B1DE-CD4C97380218}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{43FE7D98-607E-495F-9800-15220FA5698F}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{4b74bd5c-e08b-4921-92bc-1ea8bb899da2}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{4b74bd5c-e08b-4921-92bc-1ea8bb899da2}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{B287C84C-3FB1-48E8-914A-44A41222194C}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{BF411B06-E132-46D1-94B8-15D8E39A9D92}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{CE5A6611-5000-43C6-BBF7-014127FE985A}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "albrechto" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "albrechto" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update albrechto" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwarealbrechto".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwarealbrechto".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwarealbrechto".
If Ad.Albrechto uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Spybot 2.5 and Scanner 2.6

Spybot version 2.4 is the most recent version of Spybot available on our website.

Users of the Windows 10 Operating System may encounter issues using this version of Spybot, so we have included files in Spybot’s updates to allow users to upgrade Spybot to version 2.5 after installation.

To do this, install and update Spybot 2.4. This will result in the appearance of a “Post Windows 10 Spybot-install” file which appears on your Desktop. Running this file will prompt you to download and install Spybot 2.5, which we have made changes to for compatibility with Windows 10.

We have not made Spybot 2.5 available on our website yet, as the changes made in this version can cause issues with older OS’s such as Windows Vista or XP.

Sharp-eyed users may also have noticed recently that Spybot’s system scanner has been upgraded to version 2.6. The additional files in this new version of the scanner include fixes for issues that some users were encountering such as:
– The system scan froze without displaying the scan results when the scan had completed (Zlob.ZipCodec issue).
– The “Settings” button in Spybot’s Start Center was unresponsive.

When the fixes for these issues were successfully tested, they were included in the updated version of the scanner.

Payment System Issues 2016-04-20

Please note that if you tried to purchase a Spybot license in the last 24 hours, your order may not have been processed properly due to technical issues with our payment system.

If you encountered this issue, your license request may have been sent as a “Test” order, and a license was not generated for you. If your order was processed this way, your credit card will not have been charged for your purchase.

This issue has since been fixed, and orders are now functioning correctly. If you place a new order, this will be processed correctly and your license will be generated for you.

If you have any concerns about this issue, or are unsure if you were affected by it, you can contact our Sales Team here:

Resend License

Manual Removal Guide for Win32.BHO.acsi

The following instructions have been created to help you to get rid of "Win32.BHO.acsi" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • trojan
  • bho

Description:
Win32.BHO.acsi creates files and in the program files subfolder "extremeup" and installs a BHO (Browser Helper Object).
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "extremeup" and pointing to "<$PROGRAMFILES>extremeupextremeupupdate.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>extremeupextremeup.dll".
  • The file at "<$PROGRAMFILES>extremeupextremeupupdate.exe".
  • The file at "<$PROGRAMFILES>extremeupuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Win32.BHO.acsi uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>extremeup".
Make sure you set your file manager to display hidden and system files. If Win32.BHO.acsi uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • A key in HKEY_CLASSES_ROOT named "autopopup.autopopupobj.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "autopopup.autopopupobj", plus associated values.
  • Delete the registry key "{0C0882B9-B682-4800-8258-B367CD9851FB}" at "HKEY_CLASSES_ROOTAppID".
  • Delete the registry key "{301629EB-3644-45C2-8E24-97B95054983B}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{8327886C-C208-408B-AD90-B3EE40C42947}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{8327886C-C208-408B-AD90-B3EE40C42947}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{F9849E61-949E-4A3C-B87D-0C920D223433}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "autopopup.DLL" at "HKEY_CLASSES_ROOTAppID".
  • Delete the registry key "extremeup" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "extremeup" at "HKEY_CURRENT_USERSoftwareAppDataLowSoftware".
  • Delete the registry key "extremeup" at "HKEY_LOCAL_MACHINESOFTWARE".
If Win32.BHO.acsi uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.ClingClang

The following instructions have been created to help you to get rid of "Ad.ClingClang" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.ClingClang claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.BOAS.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.ExpExt.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClang.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClangBA.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClangBAApp.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinClingClangBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.BOAS.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.Bromon.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.BroStats.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.BRT.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.DspSvc.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.ExpExt.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.FeSvc.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.OfSvc.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinpluginsClingClang.Repmon.dll".
  • The file at "<$PROGRAMFILES>Cling ClangbinutilClingClang.exe".
  • The file at "<$PROGRAMFILES>Cling ClangClingClang.Common.dll".
  • The file at "<$PROGRAMFILES>Cling ClangClingClang.FirstRun.exe".
  • The file at "<$PROGRAMFILES>Cling ClangClingClang.ico".
  • The file at "<$PROGRAMFILES>Cling ClangClingClangBHO.dll".
  • The file at "<$PROGRAMFILES>Cling ClangClingClanguninstall.exe".
  • The file at "<$PROGRAMFILES>Cling ClangupdateClingClang.exe".
  • The file at "<$PROGRAMFILES>Cling Clangupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.ClingClang uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Cling Clangbinplugins".
  • The directory at "<$PROGRAMFILES>Cling Clangbin".
  • The directory at "<$PROGRAMFILES>Cling Clang".
Make sure you set your file manager to display hidden and system files. If Ad.ClingClang uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{aa9aa36b-5b7b-4996-b083-83ef84d53b19}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{aa9aa36b-5b7b-4996-b083-83ef84d53b19}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{F5CC28D2-55BD-4D7D-A315-BE93C4EDA1C2}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "Cling Clang" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Cling Clang" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Cling Clang" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.ClingClang uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.QvodPlayer

The following instructions have been created to help you to get rid of "Ad.QvodPlayer" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.QvodPlayer installs a chinese video player and adware applications, e.g. BaiduBar.
Removal Instructions:

Desktop:

Please remove the following files from your desktop.
To check where they are pointing to, right-click them and choose "Properties" from the context menu appearing.
  • Shortcuts named "QvodPlayer" and pointing to "E:Program FilesQvodPlayerQvodPlayer.exe".

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "Kuaiwan" and pointing to "?<$PROGRAMFILES>KuaiwanKuaiwan.exe*".
  • Entries named "QvodPlayer" and pointing to "<$SYSDRIVE>Program FilesQvodPlayerQvodTerminal.exe".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "Kuaiwan".
  • Products that have a key or property named "QvodPlayer".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$COMMONAPPDATA>KuaiWanAppInfo.xml".
  • The file at "<$COMMONAPPDATA>KuaiWanUser.ini".
  • The file at "<$PROGRAMFILES>KuaiwanskinDefaultSkin.xml".
  • The file at "<$PROGRAMFILES>KuaiwanskinDefaultSkinMainTabThumbs.db".
  • The file at "<$PROGRAMFILES>KuaiwanskinDefaultSkinWebGameTabThumbs.db".
  • The file at "<$SYSDRIVE>desktop.ini".
  • The file at "<$SYSDRIVE>Program FilesQvodPlayerAddInASBarBroker.exe".
  • The file at "<$SYSDRIVE>Program FilesQvodPlayerQvodCfg.ini".
  • The file at "<$SYSDRIVE>Program FilesQvodPlayerSkinDefaultvolumep.bmp".
  • The file at "<$SYSDRIVE>Program FilesQvodPlayerTipPopMessage.xml".
  • The file at "<$SYSDRIVE>Program FilesQvodPlayerTipQvodTip.exe".
  • The file at "<$SYSDRIVE>Program FilesQvodPlayerTipQvodTips.dll".
Make sure you set your file manager to display hidden and system files. If Ad.QvodPlayer uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>qvodaddr".
  • The directory at "<$COMMONAPPDATA>KuaiWan".
  • The directory at "<$COMMONPROGRAMFILES>QvodPlayerCodecs".
  • The directory at "<$COMMONPROGRAMFILES>QvodPlayer".
  • The directory at "<$PROGRAMFILES>KuaiwanskinDefaultSkininsert".
  • The directory at "<$PROGRAMFILES>KuaiwanskinDefaultSkinkey".
  • The directory at "<$PROGRAMFILES>KuaiwanskinDefaultSkinMainTab".
  • The directory at "<$PROGRAMFILES>KuaiwanskinDefaultSkinwebgame".
  • The directory at "<$PROGRAMFILES>KuaiwanskinDefaultSkinWebGameTab".
  • The directory at "<$PROGRAMFILES>KuaiwanskinDefaultSkin".
  • The directory at "<$PROGRAMFILES>Kuaiwanskin".
  • The directory at "<$PROGRAMFILES>Kuaiwan".
  • The directory at "<$PROGRAMS>QVOD".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerAddIn".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerCodecs".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerLang".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerLyrics".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinAluminum".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinBlue".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinDark".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinDefault".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinExalted".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinGray".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinMediaPlayer".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinMiNi".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinNavy".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_ccch".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_gysd".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_lskj".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_ly".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_QuickTimer".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_sl".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_xlxl".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_yh".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_yryh".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinnew_zcl".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinSimple".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkinSimple2".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerSkin".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerTip".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayerViewdata".
  • The directory at "<$SYSDRIVE>Program FilesQvodPlayer".
Make sure you set your file manager to display hidden and system files. If Ad.QvodPlayer uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • A key in HKEY_CLASSES_ROOT named "KWCheck.KuaiWan.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "KWCheck.KuaiWan", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVOD", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODADD", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "Qvodbt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODCHA", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QvodInsert.QvodCtrl.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QvodInsert.QvodCtrl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3g2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.3gpp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ac3", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aif", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aifc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.aiff", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.amr", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.amv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ape", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.asf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.asx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.au", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.avi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.bik", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.cda", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.csf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.cue", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.d2v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsa", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dss", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dsv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.dvd", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.evo", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.f4v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.fli", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.flv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ivf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m1v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2p", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2ts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m2v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m3u", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4a", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4b", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4p", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.m4v", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mac", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mid", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.midi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mkv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mod", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mov", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp3", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp4", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mp5", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpa", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpe", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpeg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mpga", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.mvx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ogg", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ogm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pm2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pmp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pmp2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pss", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.pva", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qmv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qsed", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.qt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ra", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ram", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rat", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rmi", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rmvb", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.roq", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rpm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rsc", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.rt", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smil", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smk", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.smv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.swf", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tim", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tpr", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ts", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.tta", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.ttpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vg2", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vid", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vob", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vp6", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.vp7", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wav", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wm", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wma", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmp", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wmx", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wpl", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "qvodplayer.wv", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "QVODSEA", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "ShareModule.QvodShare.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "ShareModule.QvodShare", plus associated values.
  • Delete the registry key "{00000001-4FEF-40D3-B3FA-E0531B897F98}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{007FC171-01AA-4B3A-B2DB-062DEE815A1E}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0180E49C-13BF-46DB-9AFD-9F52292E1C22}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{02AFA80F-4BEE-41FD-8572-214B58A9EF90}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{03D82D06-49E2-4E37-9670-BCAB4DBC642D}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{04FE9017-F873-410E-871E-AB91661A4EF7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0512B874-44F6-48F1-AFB5-6DE808DDE230}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{05F983EC-637F-4133-B489-5E03914929D7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0912B4DD-A30A-4568-B590-7179EBB420EC}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{09571A4B-F1FE-4C60-9760-DE6D310C7C31}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0B390488-D80F-4A68-8408-48DC199F0E97}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0C56B154-43F7-48A0-87B2-E9ACC8E1E471}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0E9D4BF7-CBCB-46C7-BD80-4EF223A3DC2B}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{0F40E1E5-4F79-4988-B1A9-CC98794E6B55}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{11CC93E4-0BE6-4f8f-82AA-D577FB955B05}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{1365BE7A-C86A-473C-9A41-C0A6E82C9FA3}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{164A68B6-3F90-47C2-85A7-1E4D8952EF0A}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{1932C124-77DA-4151-99AA-234FEA09F463}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{1ADD57B8-A7A9-4518-B9B5-862590FF9EB4}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy".
  • Delete the registry key "{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy".
  • Delete the registry key "{1F71651E-65D2-40BF-AC44-275D11927D99}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{20E9DE6B-87D5-4E85-8BB0-038284A6C44D}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{212CA6D1-E9BB-41cf-BF77-06E000F403A8}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{238D0F23-5DC9-45A6-9BE2-666160C324DD}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{24FA7933-FE18-46A9-914A-C2AA0DBACE93}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{2566F758-FE4A-4691-9F93-30AF685BB403}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{2627A1B6-F8FF-4E9C-9422-4908E8D1DFE9}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{2F09858D-D67F-4F8B-8DE8-666666CB9FAD}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{32E2BDD6-8812-42c3-A907-B9587C148EE3}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{363F46BE-27B4-4C8D-99E7-B1E049B84376}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{37991D68-42A3-40E3-8C05-037170E1A42A}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{3BB3828F-9787-48A7-A894-6ADE46C64737}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{3CCC052E-BDEE-408A-BEA7-90914EF2964B}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{3E3ECA90-4D6A-4344-98C3-1BB95BF24038}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{3FD0479E-D6B9-4629-9496-509D3D070918}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{412C98D0-B46E-4FFA-92E1-4016782EE0AB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{432F118C-DB79-4561-9799-CC95EA78208B}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{46E00789-37CA-4278-8907-02088898B6B0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{47E792CF-0BBE-4F7A-859C-194B0768650A}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{48B51CD7-D8FA-4452-B00C-5BBFDE92B9AB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{49590BC9-6DD5-4E44-AD4C-E8FCB7131EC4}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{4DB2B5D9-4556-4340-B189-AD20110D953F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{50DDA33E-C529-4343-9689-338ADC793BB5}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{533B0507-1869-4503-B61C-DA4842EEB800}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{53D9DE0B-FC61-4650-9773-74D13CC7E582}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{545A00C2-FCCC-40B3-9310-2C36AE64B0DD}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{54A35221-2C8D-4A31-A5DF-6D809847E393}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{5593CF36-190B-4A47-A4DD-9680093DBA1D}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{55DA30FC-F16B-49FC-BAA5-AE59FC65A150}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{5711D95F-0984-4A22-8FF8-90A954958D0C}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{57A5353F-2725-440c-BBBC-DB20A1C8A57D}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{5905A0A9-A82C-4A7B-8418-FC1F6D1AD5DB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{59A0DB73-0287-4C9A-9D3C-8CFF39F8E5DB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{5BC26A00-5101-47d7-A5DB-AB6AAC44F51B}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{60765CF5-01C2-4EE7-A44B-C791CF25FEA0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{64697678-0000-0010-8000-00AA00389B71}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{64F2005C-6CF5-4652-B94F-600360B15B27}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{650DE05E-5CD3-44F8-BA20-A5BB91FC61E6}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{66EA14E6-E2B3-433D-923E-EE401CADBBD9}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{6B97CB13-A992-4970-8864-4F32E845B7B4}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{6D3688CE-3E9D-42F4-92CA-8A11119D25CD}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{6E756F73-15A3-4ECE-98C0-D9CD2744F5A8}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{6F6C6F63-0000-0010-8000-00AA00389B71}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{7139E26A-49CA-4344-B063-C702858627D9}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{75878923-D1ED-49AF-B550-BC993578292E}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{760A8F35-97E7-479D-AAF5-DA9EFF95D751}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{765035B3-5944-4A94-806B-20EE3415F26F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{78302E8C-3C6F-267C-2E0D-1D37BF7E3D64}" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "{78766964-0000-0010-8000-00AA00389B71}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerLow RightsElevationPolicy".
  • Delete the registry key "{7B63A013-DC2C-462E-9292-CAF8C867100F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{7B6F8B69-0925-48F1-AE78-7506D6C3972C}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{7CA71B1E-A67D-4D54-A200-FA47605483A7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{7E493C9A-2E54-4F25-9B9A-D3C4DEBFCB62}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{803E8280-F3CE-4201-982C-8CD8FB512004}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{86708513-5A2E-424f-AB46-F4BE3F82954F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{87271B4E-1726-4CED-AF0D-BE675621FD29}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{87BBB4ED-1767-4b7e-821C-7C4657E439D4}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{895322C5-84A1-450C-8478-C57793CAE86F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{89B2C28D-779F-4704-AD29-113B0977E8A5}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{8E8B4A31-408B-4929-86A4-A9FA9F01BA43}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{8E9922F0-B775-45B8-B650-941BEA790EEB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{8F43B7D9-9D6B-4F48-BE18-4D787C795EEA}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{90A9B7D2-3794-45EA-9E23-140E3938D2D9}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{90C7D10E-CE9A-479B-A238-1A0F2396DE43}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{91878E42-FC03-4785-B513-1F9E613D1027}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{93A22E7A-5091-45EF-BA61-6DA26156A5D0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{941A4793-A705-4312-8DFC-C11CA05F397E}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{94C3E4BB-A261-4A83-B437-EA6F7A28CA68}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{94C3E4BB-A261-4A83-B437-EA6F7A28CA68}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{96CE7B0D-06B3-42E2-8DB7-CFC6CF0121F6}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9736D831-9D6C-4E72-B6E7-560EF9181001}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9852A670-F845-491B-9BE6-EBD841B8A613}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{99735894-CAF4-488B-8275-B8CB1998216E}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{99AA8908-FC7F-4815-B023-3BC2F5F8D372}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{99D9DC39-90DE-41D3-AECA-345D7F1B9540}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9A6E096E-4588-3E32-F06C-69F6B8784825}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9A6E096E-4588-3E32-F06C-69F6B8784825}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{9A98ADCC-C6A4-449E-A8B1-0363673D9F8A}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9B2DBA95-39D2-4537-8BBF-CED535E8DE56}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9F44453E-1E46-4D5C-B57C-112FF2EDAE82}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9FF48807-E133-40AA-826F-9B2959E5232D}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A0606860-51BE-4CF6-99C0-7CE5F78AC2D8}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A28F324B-DDC5-4999-AA25-D3A7E25EF7A8}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A36C253D-CEE4-4BCA-9CC2-E03CF6BBB054}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A753A1EC-973E-4718-AF8E-A3F554D45C44}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A8B25C0E-0894-4531-B668-AB1599FAF7F6}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A94662D1-35FD-43d1-BDA3-172CE4D5C236}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A975010E-D292-4A74-A9FF-E536C94C0647}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{AAA4AACD-FD95-4240-9C45-9EB98E5DAC52}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{ACD23F8C-B37E-4B2D-BA08-86CB6E621D6A}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{ACE4747B-35BD-4E97-9DD7-1D4245B0695C}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{AD461A96-4DB8-4C6E-BF23-84D682ADC382}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{AD92C6E6-997A-4E9E-9D7D-EDED6DE933FB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{AF54DF04-9597-4B3D-947A-3A7A7F29C0E9}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B3DE7EDC-0CD4-4d07-B1C5-92219CD475CC}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B4DAEDB7-7F0E-434F-9AA3-B82B549A3680}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B5A7D70F-AE96-4F83-B811-572CA3529323}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B6EAE677-074B-43EA-9239-5E509F87C652}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B7BCE5B0-2112-420A-BDFF-178995FBFCA2}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B841F346-4835-4de8-AA5E-2E7CD2D4C435}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B86F6BEE-E7C0-4D03-8D52-5B4430CF6C88}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerSearchScopes".
  • Delete the registry key "{BA327E17-6AE9-430B-8246-1A90208AD1D7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{BAC04407-3588-42AA-93BE-6D3720E9FB28}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{BB9CDE7F-AF28-4205-9B3C-789FA7D0F29F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{BD4FB4BE-809D-487b-ADD6-F7D164247E52}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{BDE0D9DF-288F-4286-906F-93197673B3A7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{C1630673-8C58-481C-9F15-83F11D8B89F0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{C204438D-6E1A-4309-B09C-0C0F749863AF}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{C29CE93C-3908-4DA7-A7DA-4968C3AF2AE8}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{C2D6D98F-09CA-4524-AF64-1049B5665C9C}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{C7E094E1-A326-4E33-824D-6598D399DA13}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{C8B9C208-9E5C-4F09-AED5-B21A273C4CCA}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{C9ECE7B3-1D8E-41F5-9F24-B255DF16C087}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{CE77C59C-CFD2-429F-868C-8B04D23F94CA}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{CEA8DEFF-0AF7-4DB9-9A38-FB3C3AEFC0DE}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D02E3AB9-7796-40CB-BDFC-20D834FE1F75}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{D0430FE6-1621-41e4-A109-CA5B0C57FE1D}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D2598A88-4035-4556-84A2-B0F76A544E92}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D367878E-F3B8-4235-A968-F378EF1B9A44}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D48D1EB2-BF95-4EE1-BD69-9AD0515F050D}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D6065CEC-BDEE-4C6D-BE53-DD27DFED2E75}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{D6A9B8CC-192D-4F00-8BF8-AD8774011B07}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D6D61C19-8563-4e8e-B755-0589DA6A3077}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D7AF1F00-A702-4D1B-8490-8B7E0CDC3DEF}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{D8DF27C0-209C-41EF-8AF9-30A0C2C13268}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{DB43B405-43AA-4f01-82D8-D84D47E6019C}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{DBF9000E-F08C-4858-B769-C914A0FBB1D7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{DC257063-045F-4BE2-BD5B-E12279C464F0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{df20ddfa-0d19-463a-ab46-e5d8ef6efd69}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{E117D42B-839C-498A-95DA-647BC90E2B8F}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{E21BE468-5C18-43EB-B0CC-DB93A847D769}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{E3DEC0EB-13E4-45EE-8F2E-577A3ECAFCBD}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{E4C3B74F-0C02-4D4E-B932-F7A1889B3ABB}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{E5960BC4-A76B-4211-BEEC-9AEE2AF8AAE6}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{E9203D3F-6404-40aa-99CC-5267215B81A7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{EBCBF283-A798-4BA1-A8E1-E9413927F715}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{ECCBA771-92F2-497b-98AA-5FAA0BAA2DF6}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F0B801B1-A239-473B-B6B4-6AE3DB3ABBD3}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F13D3732-96BD-4108-AFEB-E85F68FF64DC}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F23B1F18-CB1A-47ED-A1FE-B60494A626D0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F3D0D36F-23F8-4682-A195-74C92B03D4AF}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F4F4A9DC-D4B6-4145-8EBC-8E5099686237}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F544E0F5-CA3C-47EA-A64D-35FCF1602396}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F6E8FC04-8B05-48B1-9399-848229502A06}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{F9BC0421-BB5C-447D-8547-BB45AFA80A4D}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{F9D06915-85A0-442A-A465-5F3AAAFE059B}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{FBA5FB05-58C3-45CB-8B0D-C2313EA048CF}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{FF5DCC7A-7147-41E1-86E8-DD05ABD588BF}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{FFFCC670-5CD4-4C09-952C-F53F46C2B1A7}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "Kuaiwan.exe" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp Paths".
  • Delete the registry key "Kuaiwan" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "KuaiWanInsert" at "HKEY_CURRENT_USERSoftwareMozillaPlugins".
  • Delete the registry key "madFlac" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "QvodCDAudioOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersHandlers".
  • Delete the registry key "QvodDVDMovieOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersHandlers".
  • Delete the registry key "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersHandlers".
  • Delete the registry key "QvodMenu" at "HKEY_CLASSES_ROOT*shellexContextMenuHandlers".
  • Delete the registry key "QvodPlayer.exe" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp Paths".
  • Delete the registry key "QvodPlayer" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "QvodPlayer" at "HKEY_CURRENT_USERSoftwareCyberLinkCommonCLVSD".
  • Delete the registry key "QvodPlayer" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT.dat".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT.dvd".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT.mov".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT.torrent".
  • Delete the registry value "(Default)" at "HKEY_CLASSES_ROOT.wmp".
  • Delete the registry value "qhtp" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsAccepted Documents".
  • Delete the registry value "qvod" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsAccepted Documents".
  • Delete the registry value "QvodCDAudioOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersEventHandlersPlayCDAudioOnArrival".
  • Delete the registry value "QvodDVDMovieOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersEventHandlersPlayDVDMovieOnArrival".
  • Delete the registry value "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersEventHandlersPlayMusicFilesOnArrival".
  • Delete the registry value "QvodMediaOnArrival" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersEventHandlersPlayVideoFilesOnArrival".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.aif".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.aifc".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.aiff".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.asf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.asx".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.au".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.avi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.cda".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.ivf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.m1v".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.m3u".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mid".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.midi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mp2".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mp3".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mpa".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mpe".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mpeg".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.mpg".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.rat".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.rmi".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.rpm".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.swf".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wav".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wm".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wma".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wmv".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wmx".
  • Delete the registry value "qvodplayerbak" at "HKEY_CLASSES_ROOT.wpl".
If Ad.QvodPlayer uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.
  • Please check your bookmarks for links to "kuaibo.com".

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Okiitan

The following instructions have been created to help you to get rid of "Ad.Okiitan" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Okiitan claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://okiitan.com/Privacy

Links (be careful!):

: ttp://okiitan.com/
: ttp://www.okiitan.com/

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{78b17104-363a-4bd9-b49c-77419f14b0d0}.xpi".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.BOAS.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.ExpExt.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitan.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitanBA.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitanBAApp.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinOkiitanBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.BOAS.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.Bromon.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.BroStats.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.BRT.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.DspSvc.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.ExpExt.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.FeSvc.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.OfSvc.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinpluginsOkiitan.Repmon.dll".
  • The file at "<$PROGRAMFILES>OkiitanbinutilOkiitan.exe".
  • The file at "<$PROGRAMFILES>OkiitanOkiitan.Common.dll".
  • The file at "<$PROGRAMFILES>OkiitanOkiitan.FirstRun.exe".
  • The file at "<$PROGRAMFILES>OkiitanOkiitan.ico".
  • The file at "<$PROGRAMFILES>OkiitanOkiitanBHO.dll".
  • The file at "<$PROGRAMFILES>OkiitanOkiitanuninstall.exe".
  • The file at "<$PROGRAMFILES>OkiitanupdateOkiitan.exe".
  • The file at "<$PROGRAMFILES>Okiitanupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Okiitan uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>Okiitanbinplugins".
  • The directory at "<$PROGRAMFILES>Okiitanbin".
  • The directory at "<$PROGRAMFILES>Okiitan".

Make sure you set your file manager to display hidden and system files. If Ad.Okiitan uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "Okiitan" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Okiitan" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Okiitan" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".

If Ad.Okiitan uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Larparus

The following instructions have been created to help you to get rid of "Ad.Larparus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Larparus claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.larparus.com/Privacy

Links (be careful!):

: ttp://larparus.com
: ttp://www.larparus.com

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • The file at "<$PROGRAMFILES>LarparusbinLarparus.BOAS.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.ExpExt.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparus.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>LarparusbinLarparusBA.dll".
  • The file at "<$PROGRAMFILES>LarparusbinLarparusBAApp.dll".
  • The file at "<$PROGRAMFILES>LarparusbinLarparusBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.BOAS.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.Bromon.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.BroStats.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.BRT.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.DspSvc.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.ExpExt.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.FeSvc.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.OfSvc.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>LarparusbinpluginsLarparus.Repmon.dll".
  • The file at "<$PROGRAMFILES>LarparusbinutilLarparus.exe".
  • The file at "<$PROGRAMFILES>LarparusLarparus.Common.dll".
  • The file at "<$PROGRAMFILES>LarparusLarparus.FirstRun.exe".
  • The file at "<$PROGRAMFILES>LarparusLarparus.ico".
  • The file at "<$PROGRAMFILES>LarparusLarparusBHO.dll".
  • The file at "<$PROGRAMFILES>LarparusLarparusuninstall.exe".
  • The file at "<$PROGRAMFILES>Larparusnhggejjcbpfidlfahfdglfmhpdmoikbb.crx".
  • The file at "<$PROGRAMFILES>LarparusupdateLarparus.exe".
  • The file at "<$PROGRAMFILES>Larparusupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Larparus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsnhggejjcbpfidlfahfdglfmhpdmoikbb1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsnhggejjcbpfidlfahfdglfmhpdmoikbb".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsnhggejjcbpfidlfahfdglfmhpdmoikbb".
  • The directory at "<$PROGRAMFILES>Larparusbinplugins".
  • The directory at "<$PROGRAMFILES>Larparusbin".
  • The directory at "<$PROGRAMFILES>Larparus".

Make sure you set your file manager to display hidden and system files. If Ad.Larparus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{046c439e-6aa7-41d3-9838-62f88a9dc029}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{046c439e-6aa7-41d3-9838-62f88a9dc029}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{95490DA1-D9FC-4EE8-BC26-4617B2D19BAC}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{FB3F0DA5-B1E6-407B-8D63-2B048627FE67}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "Larparus" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Larparus" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Larparus" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareLarparus".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareLarparus".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareLarparus".

If Ad.Larparus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.FindRight

The following instructions have been created to help you to get rid of "Ad.FindRight" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.FindRight claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Links (be careful!):
: ttp://myfindright.com
: ttp://www.myfindright.com
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{42e50651-9669-456e-9081-d5a836274274}.xpi".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.BOAS.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.ExpExt.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRight.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>FindRightbinFindRightBA.dll".
  • The file at "<$PROGRAMFILES>FindRightbinFindRightBAApp.dll".
  • The file at "<$PROGRAMFILES>FindRightbinFindRightBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.BOAS.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.Bromon.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.BroStats.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.BRT.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.DspSvc.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.ExpExt.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.FeSvc.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.OfSvc.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>FindRightbinpluginsFindRight.Repmon.dll".
  • The file at "<$PROGRAMFILES>FindRightbinutilFindRight.exe".
  • The file at "<$PROGRAMFILES>FindRightbinXTLSApp.dll".
  • The file at "<$PROGRAMFILES>FindRightbinXTLSApp.exe".
  • The file at "<$PROGRAMFILES>FindRightFindRight.Common.dll".
  • The file at "<$PROGRAMFILES>FindRightFindRight.FirstRun.exe".
  • The file at "<$PROGRAMFILES>FindRightFindRight.ico".
  • The file at "<$PROGRAMFILES>FindRightFindRightBHO.dll".
  • The file at "<$PROGRAMFILES>FindRightFindRightuninstall.exe".
  • The file at "<$PROGRAMFILES>FindRightibokihboaojdolnlgbejebillmaodnfc.crx".
  • The file at "<$PROGRAMFILES>FindRightupdateFindRight.exe".
  • The file at "<$PROGRAMFILES>FindRightupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.FindRight uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsibokihboaojdolnlgbejebillmaodnfc1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsibokihboaojdolnlgbejebillmaodnfc".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsibokihboaojdolnlgbejebillmaodnfc".
  • The directory at "<$PROGRAMFILES>FindRightbinplugins".
  • The directory at "<$PROGRAMFILES>FindRightbin".
  • The directory at "<$PROGRAMFILES>FindRight".
Make sure you set your file manager to display hidden and system files. If Ad.FindRight uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{2c774641-5504-46a8-b63f-6715ae3fe376}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{2c774641-5504-46a8-b63f-6715ae3fe376}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{4CCADDA1-60AD-48AA-97C2-FA892D2499FB}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{C638ABE2-47DA-4351-B170-E6A673D25CA3}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "FindRight" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "FindRight" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update FindRight" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareFindRight".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareFindRight".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareFindRight".
If Ad.FindRight uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for PU.PrivacyPlus

The following instructions have been created to help you to get rid of "PU.PrivacyPlus" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • pups

Description:
PU.PrivacyPlus is a Korean unwanted program.
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "PrivacyPlus" and pointing to "<$PROGRAMFILES>PrivacyPlusPrivacyPlusC.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$LOCALSETTINGS>TempPRIVACY_PLUS.exe".
  • The file at "<$PROGRAMFILES>PrivacyPlusUninstall.exe".
Make sure you set your file manager to display hidden and system files. If PU.PrivacyPlus uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>PrivacyPlus".
Make sure you set your file manager to display hidden and system files. If PU.PrivacyPlus uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "PrivacyPlus" at "HKEY_CURRENT_USERSoftware".
If PU.PrivacyPlus uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.WebFrog

The following instructions have been created to help you to get rid of "Ad.WebFrog" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.WebFrog is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.webfrog.co/Privacy
Links (be careful!):
: ttp://www.webfrog.co
: ttp://wwwwebfrogco-a.akamaihd.net
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BOAS.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.Bromon.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BroStats.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BRT.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.DspSvc.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.ExpExt.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.FeSvc.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.OfSvc.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.Repmon.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinutilWebFrog.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BOAS.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.ExpExt.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrogBA.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrogBAApp.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrogBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>Web Frogfirefox@webfrog.co.xpi".
  • The file at "<$PROGRAMFILES>Web Frogupdater.exe".
  • The file at "<$PROGRAMFILES>Web FrogupdateWebFrog.exe".
  • The file at "<$PROGRAMFILES>Web FrogWebFrog.Common.dll".
  • The file at "<$PROGRAMFILES>Web FrogWebFrog.FirstRun.exe".
  • The file at "<$PROGRAMFILES>Web FrogWebFrog.ico".
  • The file at "<$PROGRAMFILES>Web FrogWebFrogBHO.dll".
  • The file at "<$PROGRAMFILES>Web FrogWebFroguninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Web Frogbinplugins".
  • The directory at "<$PROGRAMFILES>Web Frogbin".
  • The directory at "<$PROGRAMFILES>Web Frog".
Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{08F912CE-C6DF-4557-99E3-90FDE95EB1A5}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{2840C6AA-D471-468E-98F7-C316A1E444EB}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "Web Frog" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareWeb Frog".
If Ad.WebFrog uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.ViewPlay

The following instructions have been created to help you to get rid of "Ad.ViewPlay" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.ViewPlay is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.viewplay.net/Privacy
Links (be careful!):
: ttp://www.viewplay.net
: ttp://wwwviewplaynet-a.akamaihd.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BOAS.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.Bromon.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BroStats.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BRT.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.DspSvc.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.ExpExt.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.FeSvc.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.OfSvc.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.Repmon.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinutilViewPlay.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BOAS.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.ExpExt.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlayBA.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlayBAApp.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>ViewPlayupdater.exe".
  • The file at "<$PROGRAMFILES>ViewPlayupdateViewPlay.exe".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlay.Common.dll".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlay.FirstRun.exe".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlay.ico".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayBHO.7z".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayBHO.dll".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayFR.7z".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>ViewPlaybinplugins".
  • The directory at "<$PROGRAMFILES>ViewPlaybin".
  • The directory at "<$PROGRAMFILES>ViewPlay".
Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{BB412D2C-F5A0-442B-8923-9109CE207B2A}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{DB2BC9D8-FE5A-4D34-9340-40054F0A44FE}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "viewplay.net" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareViewPlay".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareViewPlay".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareViewPlay".
If Ad.ViewPlay uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.UtilDanawa

The following instructions have been created to help you to get rid of "Ad.UtilDanawa" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.UtilDanawa downloads and installs several Korean adware or PUPS.
Removal Instructions:

Desktop:

Important: There are more desktop links that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Quicklaunch area:

Important: There are more quicklaunch items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "UtilDanawa" and pointing to "<$PROGRAMFILES>UtilDanawaUtilDanawa?.exe*".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>UtilDanawaUninstall.exe".
  • The file at "<$PROGRAMFILES>UtilDanawaUTDown.exe".
  • The file at "<$PROGRAMFILES>UtilDanawaUTDown2.exe".
  • The file at "<$PROGRAMFILES>UtilDanawaUTUp.exe".
  • The file at "<$PROGRAMFILES>UtilDanawaversion.cab".
  • The file at "<$SYSDIR>UtilDanawa.ico".
Make sure you set your file manager to display hidden and system files. If Ad.UtilDanawa uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>UtilDanawa".
Make sure you set your file manager to display hidden and system files. If Ad.UtilDanawa uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • A key in HKEY_CLASSES_ROOT named "UtilDanawaCtrl.UtilDanawa.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "UtilDanawaCtrl.UtilDanawa", plus associated values.
  • Delete the registry key "{1EFCE84D-F033-424A-98EC-509CBF814EED}" at "HKEY_CLASSES_ROOTAppID".
  • Delete the registry key "{2130339C-A739-46B4-989D-CC8031A4B62E}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{253BEEDD-2B63-48EC-8AEA-8297BAD9452C}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{289B55CF-913A-4857-8F71-6D17B09267E6}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{289B55CF-913A-4857-8F71-6D17B09267E6}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{2C2B0F57-51F2-4d1d-9A90-B3249BA0CEE4}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{2C2B0F57-51F2-4D1D-9A90-B3249BA0CEE4}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{33297377-1A0F-4cfd-A866-EFDA4866A194}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{33297377-1A0F-4CFD-A866-EFDA4866A194}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{3AD6477B-6AB0-4770-9808-C3245346BD45}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{3AD6477B-6AB0-4770-9808-C3245346BD45}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{4855AC5F-ADB6-40D2-A6D7-7C7247D0A4DE}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{600A635A-7003-4347-BAC1-254A8F935B1A}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{600A635A-7003-4347-BAC1-254A8F935B1A}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{7781A959-A6BF-4dcc-928B-E5AF9ED668D7}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{7781A959-A6BF-4DCC-928B-E5AF9ED668D7}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{84BADA55-2BC1-4319-9BD3-1A5EE01EE1D8}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{84BADA55-2BC1-4319-9BD3-1A5EE01EE1D8}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{945D8B13-529C-43e8-B4ED-E7535CCDD2F7}" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExtensions".
  • Delete the registry key "{945D8B13-529C-43E8-B4ED-E7535CCDD2F7}" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExtStats".
  • Delete the registry key "{D0C0E513-8BC6-4FB7-BEF6-9652AFC9027B}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "UtilDanawa" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "UtilDanawaCtrl.DLL" at "HKEY_CLASSES_ROOTAppID".
If Ad.UtilDanawa uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D or RunAlyzer.
  • Please check your bookmarks for links to "downbomul.com".

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.SearchFoot

The following instructions have been created to help you to get rid of "Ad.SearchFoot" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.SearchFoot claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://www.searchfoot.net/Privacy
Links (be careful!):
: ttp://searchfoot.net/
: ttp://www.searchfoot.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{5e1eb58a-cd04-42a5-b710-2b964d2a3d50}.xpi".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.BOAS.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.Bromon.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.BroStats.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.BRT.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.DspSvc.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.ExpExt.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.FeSvc.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.OfSvc.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinpluginsSearchFoot.Repmon.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.BOAS.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.ExpExt.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFoot.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFootBA.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFootBAApp.dll".
  • The file at "<$PROGRAMFILES>SearchFootbinSearchFootBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>SearchFootbinutilSearchFoot.exe".
  • The file at "<$PROGRAMFILES>SearchFootSearchFoot.Common.dll".
  • The file at "<$PROGRAMFILES>SearchFootSearchFoot.FirstRun.exe".
  • The file at "<$PROGRAMFILES>SearchFootSearchFoot.ico".
  • The file at "<$PROGRAMFILES>SearchFootSearchFootBHO.dll".
  • The file at "<$PROGRAMFILES>SearchFootSearchFootuninstall.exe".
  • The file at "<$PROGRAMFILES>SearchFootupdater.exe".
  • The file at "<$PROGRAMFILES>SearchFootupdateSearchFoot.exe".
Make sure you set your file manager to display hidden and system files. If Ad.SearchFoot uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>SearchFootbinplugins".
  • The directory at "<$PROGRAMFILES>SearchFootbin".
  • The directory at "<$PROGRAMFILES>SearchFoot".
Make sure you set your file manager to display hidden and system files. If Ad.SearchFoot uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "SearchFoot" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "SearchFoot" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update SearchFoot" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareSearchFoot".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareSearchFoot".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareSearchFoot".
If Ad.SearchFoot uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.MarketResearchHelper

The following instructions have been created to help you to get rid of "Ad.MarketResearchHelper" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.MarketResearchHelper claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://marketresearchhelper.com/Privacy
Links (be careful!):
: ttp://marketresearchhelper.com/
: ttp://www.marketresearchhelper.com/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{d524939d-dcea-4579-a3d0-67758ac2ff8e}.xpi".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.BOAS.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.ExpExt.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelper.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelperBA.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelperBAApp.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinMarketResearchHelperBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.BOAS.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.Bromon.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.BroStats.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.BRT.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.DspSvc.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.ExpExt.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.FeSvc.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.OfSvc.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinpluginsMarketResearchHelper.Repmon.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperbinutilMarketResearchHelper.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperMarketResearchHelper.Common.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperMarketResearchHelper.FirstRun.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperMarketResearchHelper.ico".
  • The file at "<$PROGRAMFILES>MarketResearchHelperMarketResearchHelperBHO.dll".
  • The file at "<$PROGRAMFILES>MarketResearchHelperMarketResearchHelperUninstall.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperupdateMarketResearchHelper.exe".
  • The file at "<$PROGRAMFILES>MarketResearchHelperupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.MarketResearchHelper uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>MarketResearchHelperbinplugins".
  • The directory at "<$PROGRAMFILES>MarketResearchHelperbin".
  • The directory at "<$PROGRAMFILES>MarketResearchHelper".
Make sure you set your file manager to display hidden and system files. If Ad.MarketResearchHelper uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{085C4D33-AB97-4165-9275-6174CF6B530D}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{2ACC2EF3-B127-4F5B-B18C-47763737CB19}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{e71ecfaa-158b-4027-9a01-1959834a82db}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{e71ecfaa-158b-4027-9a01-1959834a82db}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINESOFTWAREMarketResearchHelper".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USERSoftwareMarketResearchHelper".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINESOFTWAREMarketResearchHelper".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareMarketResearchHelper".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINESOFTWAREMarketResearchHelper".
  • Delete the registry key "MarketResearchHelper" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "MarketResearchHelper" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "MarketResearchHelper" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update MarketResearchHelper" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareMarketResearchHelper".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareMarketResearchHelper".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareMarketResearchHelper".
If Ad.MarketResearchHelper uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.LinkiDoo

The following instructions have been created to help you to get rid of "Ad.LinkiDoo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.LinkiDoo claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Links (be careful!):
: ttp://linkidoo.biz
: ttp://www.linkidoo.biz
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}.xpi".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.BOAS.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDoo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDooBA.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDooBAApp.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinLinkiDooBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.BOAS.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.Bromon.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.BroStats.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.BRT.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinpluginsLinkiDoo.Repmon.dll".
  • The file at "<$PROGRAMFILES>LinkiDoobinutilLinkiDoo.exe".
  • The file at "<$PROGRAMFILES>LinkiDooLinkiDoo.Common.dll".
  • The file at "<$PROGRAMFILES>LinkiDooLinkiDoo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>LinkiDooLinkiDoo.ico".
  • The file at "<$PROGRAMFILES>LinkiDooLinkiDooBHO.dll".
  • The file at "<$PROGRAMFILES>LinkiDooLinkiDoouninstall.exe".
  • The file at "<$PROGRAMFILES>LinkiDoonedmkhahhppfofnniinaggmabnngddjk.crx".
  • The file at "<$PROGRAMFILES>LinkiDooupdateLinkiDoo.exe".
  • The file at "<$PROGRAMFILES>LinkiDooupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.LinkiDoo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsnedmkhahhppfofnniinaggmabnngddjk1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsnedmkhahhppfofnniinaggmabnngddjk".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsnedmkhahhppfofnniinaggmabnngddjk".
  • The directory at "<$PROGRAMFILES>LinkiDoobinplugins".
  • The directory at "<$PROGRAMFILES>LinkiDoobin".
  • The directory at "<$PROGRAMFILES>LinkiDoo".
Make sure you set your file manager to display hidden and system files. If Ad.LinkiDoo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{1F87D8B1-BC1F-435E-9290-EC13863DCAE9}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{5c11f47a-dbf7-4d5f-94a0-f747ce85e935}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{5c11f47a-dbf7-4d5f-94a0-f747ce85e935}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{CD239C93-5F6B-48DD-8CE0-FD7F8F62BBBE}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "LinkiDoo" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "LinkiDoo" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "LinkiDoo" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update LinkiDoo" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "drp" at "HKEY_LOCAL_MACHINESOFTWARELinkiDoo".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareLinkiDoo".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareLinkiDoo".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareLinkiDoo".
If Ad.LinkiDoo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Fix for System Scan freeze on Zlob.ZipCodec

Many users have recently been affected by a feature in the Spybot program that caused the scanner to freeze on the final file of the scan, and the “Settings” button in the Start Center to become unresponsive.

We are happy to announce that we now have a solution for this issue. If you have experienced this issue and have not been sent this fix, please download and run this small installer.

The installer will replace the file we found was causing the issue.

More information on this can be found here.

Manual Removal Guide for Ad.ResultsAlpha

The following instructions have been created to help you to get rid of "Ad.ResultsAlpha" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.ResultsAlpha claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://www.resultsalpha.net/Privacy
Links (be careful!):
: ttp://resultsalpha.net
: ttp://www.resultsalpha.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi".
  • The file at "<$PROGRAMFILES>ResultsAlphaaaokmnpaoippoclepikifeegeknpopea.crx".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.BOAS.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.Bromon.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.BroStats.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.BRT.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.DspSvc.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.ExpExt.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.FeSvc.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.OfSvc.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinpluginsResultsAlpha.Repmon.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.BOAS.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.ExpExt.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlpha.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlphaBA.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlphaBAApp.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphabinResultsAlphaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphabinutilResultsAlpha.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphaResultsAlpha.Common.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphaResultsAlpha.FirstRun.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphaResultsAlpha.ico".
  • The file at "<$PROGRAMFILES>ResultsAlphaResultsAlphaBHO.dll".
  • The file at "<$PROGRAMFILES>ResultsAlphaResultsAlphauninstall.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphaupdater.exe".
  • The file at "<$PROGRAMFILES>ResultsAlphaupdateResultsAlpha.exe".
Make sure you set your file manager to display hidden and system files. If Ad.ResultsAlpha uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsaaokmnpaoippoclepikifeegeknpopea1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsaaokmnpaoippoclepikifeegeknpopea".
  • The directory at "<$PROGRAMFILES>ResultsAlphabinplugins".
  • The directory at "<$PROGRAMFILES>ResultsAlphabin".
  • The directory at "<$PROGRAMFILES>ResultsAlpha".
Make sure you set your file manager to display hidden and system files. If Ad.ResultsAlpha uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{cbab673a-a480-4050-bd2b-5de24a7a0282}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{cbab673a-a480-4050-bd2b-5de24a7a0282}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareResultsAlpha".
  • Delete the registry key "resultsalpha.net" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "ResultsAlpha" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "ResultsAlpha" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update ResultsAlpha" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareResultsAlpha".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareResultsAlpha".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareResultsAlpha".
If Ad.ResultsAlpha uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Win32.Kazy

The following instructions have been created to help you to get rid of "Win32.Kazy" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • trojan

Description:
Win32.Kazy copies several malicious library files into the program directory and installs a BHO without giving the user a possibility to cancel that process.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$SYSDIR>bnsspx.dll".
  • The file at "<$SYSDIR>BNSUpdata.exe".
  • The file at "<$SYSDIR>gyblack.lst".
Make sure you set your file manager to display hidden and system files. If Win32.Kazy uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Outobox

The following instructions have been created to help you to get rid of "Ad.Outobox" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.Outobox claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://outobox.net/Privacy

Links (be careful!):

: ttp://outobox.net

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "firefox@outobox.net.xpi".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.BOAS.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.ExpExt.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutobox.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>outoboxbinoutoboxBA.dll".
  • The file at "<$PROGRAMFILES>outoboxbinoutoboxBAApp.dll".
  • The file at "<$PROGRAMFILES>outoboxbinoutoboxBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.BOAS.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.Bromon.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.BroStats.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.BRT.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.DspSvc.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.ExpExt.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.FeSvc.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.OfSvc.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>outoboxbinpluginsoutobox.Repmon.dll".
  • The file at "<$PROGRAMFILES>outoboxbinutiloutobox.exe".
  • The file at "<$PROGRAMFILES>outoboxfjpdnoojnohifgekbkmnfbiobhcbedka.crx".
  • The file at "<$PROGRAMFILES>outoboxoutobox.Common.dll".
  • The file at "<$PROGRAMFILES>outoboxoutobox.FirstRun.exe".
  • The file at "<$PROGRAMFILES>outoboxoutobox.ico".
  • The file at "<$PROGRAMFILES>outoboxoutoboxBHO.dll".
  • The file at "<$PROGRAMFILES>outoboxoutoboxuninstall.exe".
  • The file at "<$PROGRAMFILES>outoboxupdateoutobox.exe".
  • The file at "<$PROGRAMFILES>outoboxupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.Outobox uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>outoboxbinplugins".
  • The directory at "<$PROGRAMFILES>outoboxbin".
  • The directory at "<$PROGRAMFILES>outobox".

Make sure you set your file manager to display hidden and system files. If Ad.Outobox uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "{1EB0A0B0-CABB-495C-A85A-7C8F891799C7}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{30f06672-0e95-41a9-80cb-dee386af99ad}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{30f06672-0e95-41a9-80cb-dee386af99ad}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{B1290521-AB01-40EB-B993-AD122BEFC9E2}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "outobox" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "outobox" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update outobox" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareoutobox".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareoutobox".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareoutobox".

If Ad.Outobox uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.InfoTrigger

The following instructions have been created to help you to get rid of "Ad.InfoTrigger" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

  • adware
  • bho

Description:

Ad.InfoTrigger claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.

Privacy Statement:

http://www.infotrigger.net/Privacy

Links (be careful!):

: ttp://www.infotrigger.net/
: ttp://www.infotrigger.net/Download

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

  • A file with an unknown location named "{513fd515-8786-4d45-8e8e-065f42ad6a66}.xpi".
  • The file at "<$PROGRAMFILES>Info TriggerbinutilInfoTrigger.exe".
  • The file at "<$PROGRAMFILES>Info TriggerInfoTrigger.ico".
  • The file at "<$PROGRAMFILES>Info TriggerInfoTriggerBHO.dll".
  • The file at "<$PROGRAMFILES>Info TriggerupdateInfoTrigger.exe".
  • The file at "<$PROGRAMFILES>Info Triggerupdater.exe".

Make sure you set your file manager to display hidden and system files. If Ad.InfoTrigger uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

  • The directory at "<$PROGRAMFILES>Info Triggerbinplugins".
  • The directory at "<$PROGRAMFILES>Info Triggerbin".
  • The directory at "<$PROGRAMFILES>Info Trigger".

Make sure you set your file manager to display hidden and system files. If Ad.InfoTrigger uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

  • Delete the registry key "infotrigger.net" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "InfoTrigger" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".

If Ad.InfoTrigger uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.DoughGo

The following instructions have been created to help you to get rid of "Ad.DoughGo" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.DoughGo is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.doughgo.biz/Privacy
Links (be careful!):
: ttp://www.doughgo.biz
: ttp://wwwdoughgobiz-a.akamaihd.net/favicon.ico
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "{735c7dda-e3b7-44f2-8521-a39cc0d289b2}.xpi".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.BOAS.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.ExpExt.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGo.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGoBA.dll".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGoBAApp.dll".
  • The file at "<$PROGRAMFILES>DoughGobinDoughGoBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.BOAS.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.Bromon.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.BroStats.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.BRT.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.DspSvc.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.ExpExt.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.FeSvc.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.OfSvc.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>DoughGobinpluginsDoughGo.Repmon.dll".
  • The file at "<$PROGRAMFILES>DoughGobinutilDoughGo.exe".
  • The file at "<$PROGRAMFILES>DoughGoDoughGo.Common.dll".
  • The file at "<$PROGRAMFILES>DoughGoDoughGo.FirstRun.exe".
  • The file at "<$PROGRAMFILES>DoughGoDoughGo.ico".
  • The file at "<$PROGRAMFILES>DoughGoDoughGoBHO.dll".
  • The file at "<$PROGRAMFILES>DoughGoDoughGouninstall.exe".
  • The file at "<$PROGRAMFILES>DoughGoupdateDoughGo.exe".
  • The file at "<$PROGRAMFILES>DoughGoupdater.exe".
  • The file at "<$SYSDIR>drivers{735c7dda-e3b7-44f2-8521-a39cc0d289b2}w64.sys".
Make sure you set your file manager to display hidden and system files. If Ad.DoughGo uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>DoughGobinplugins".
  • The directory at "<$PROGRAMFILES>DoughGobin".
  • The directory at "<$PROGRAMFILES>DoughGo".
Make sure you set your file manager to display hidden and system files. If Ad.DoughGo uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "DoughGo" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "DoughGo" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update DoughGo" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareDoughGo".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareDoughGo".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareDoughGo".
If Ad.DoughGo uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.SeekApp

The following instructions have been created to help you to get rid of "Ad.SeekApp" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.SeekApp installs program files and a browser extension in order to display advertising content.
Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.
  • Products that have a key or property named "Seekapp".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$COMMONAPPDATA>Seekappseekapp132.exe".
  • The file at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}chrome.manifest".
  • The file at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}chromeseekapp.jar".
  • The file at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}defaultspreferencesprefs.js".
  • The file at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}install.rdf".
  • The file at "<$PROGRAMFILES>Mozilla Firefoxsearchpluginsseekapp132.xml".
  • The file at "<$PROGRAMFILES>Seekappreadme.html".
  • The file at "<$PROGRAMFILES>Seekappseekapp.dll".
  • The file at "<$PROGRAMFILES>Seekappseekapp.exe".
  • The file at "<$PROGRAMFILES>Seekappuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.SeekApp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$COMMONAPPDATA>Seekapp".
  • The directory at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}chrome".
  • The directory at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}defaultspreferences".
  • The directory at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}defaults".
  • The directory at "<$PROGRAMFILES>Mozilla Firefoxextensions{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}".
  • The directory at "<$PROGRAMFILES>Seekapp".
Make sure you set your file manager to display hidden and system files. If Ad.SeekApp uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Seekapp Service" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "Seekapp" at "HKEY_LOCAL_MACHINESOFTWARE".
If Ad.SeekApp uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.ViewPlay

The following instructions have been created to help you to get rid of "Ad.ViewPlay" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.ViewPlay is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.viewplay.net/Privacy
Links (be careful!):
: ttp://www.viewplay.net
: ttp://wwwviewplaynet-a.akamaihd.net/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BOAS.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.Bromon.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BroStats.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.BRT.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.DspSvc.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.ExpExt.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.FeSvc.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.OfSvc.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinpluginsViewPlay.Repmon.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinutilViewPlay.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BOAS.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BrowserFilter.Helper.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.ExpExt.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlay.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlayBA.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlayBAApp.dll".
  • The file at "<$PROGRAMFILES>ViewPlaybinViewPlayBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>ViewPlayupdater.exe".
  • The file at "<$PROGRAMFILES>ViewPlayupdateViewPlay.exe".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlay.Common.dll".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlay.FirstRun.exe".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlay.ico".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayBHO.7z".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayBHO.dll".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayFR.7z".
  • The file at "<$PROGRAMFILES>ViewPlayViewPlayuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>ViewPlaybinplugins".
  • The directory at "<$PROGRAMFILES>ViewPlaybin".
  • The directory at "<$PROGRAMFILES>ViewPlay".
Make sure you set your file manager to display hidden and system files. If Ad.ViewPlay uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{6336aaf8-3481-495b-bb79-70deb1f1590d}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{BB412D2C-F5A0-442B-8923-9109CE207B2A}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{DB2BC9D8-FE5A-4D34-9340-40054F0A44FE}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update ViewPlay" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "viewplay.net" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "ViewPlay" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareViewPlay".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareViewPlay".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareViewPlay".
If Ad.ViewPlay uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.BeatTool

The following instructions have been created to help you to get rid of "Ad.BeatTool" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.BeatTool is a browser add-on that displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>BeatToolBeatTool.Common.dll".
  • The file at "<$PROGRAMFILES>BeatToolBeatTool.FirstRun.exe".
  • The file at "<$PROGRAMFILES>BeatToolBeatTool.ico".
  • The file at "<$PROGRAMFILES>BeatToolBeatToolBHO.dll".
  • The file at "<$PROGRAMFILES>BeatToolBeatTooluninstall.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.BOAS.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.ExpExt.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatTool.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatToolBA.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatToolBAApp.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinBeatToolBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.BOAS.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.Bromon.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.BroStats.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.BRT.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.DspSvc.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.ExpExt.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.FeSvc.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.OfSvc.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinpluginsBeatTool.Repmon.dll".
  • The file at "<$PROGRAMFILES>BeatToolbinutilBeatTool.exe".
  • The file at "<$PROGRAMFILES>BeatToolobbbnginlkhognibkekkopkfhjcelkio.crx".
  • The file at "<$PROGRAMFILES>BeatToolupdateBeatTool.exe".
  • The file at "<$PROGRAMFILES>BeatToolupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.BeatTool uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsobbbnginlkhognibkekkopkfhjcelkio1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsobbbnginlkhognibkekkopkfhjcelkio".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsobbbnginlkhognibkekkopkfhjcelkio".
  • The directory at "<$PROGRAMFILES>BeatToolbinplugins".
  • The directory at "<$PROGRAMFILES>BeatToolbin".
  • The directory at "<$PROGRAMFILES>BeatTool".
Make sure you set your file manager to display hidden and system files. If Ad.BeatTool uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{6AEA7031-A51D-403C-A72F-FD30BEA99B5B}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{7B325B67-96F6-415B-9103-254F1A023232}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{95ffef7e-d5b7-4afb-9b49-da6f9ee962d0}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "BeatTool" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "BeatTool" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update BeatTool" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update BeatTool" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update BeatTool" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareBeatTool".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareBeatTool".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareBeatTool".
If Ad.BeatTool uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Win32.DarkKomet

The following instructions have been created to help you to get rid of "Win32.DarkKomet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • trojan

Description:
Win32.DarkKomet is a Remote Access Tool which copies itself into the appdata directory and creates an autorun entry along with other registry changes.
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "DarkComet RAT" and pointing to "*.exe*".
  • Entries named "DarkComet RAT" and pointing to "<$PERSONAL>DCSCMINIMDCSC.exe".
  • Entries named "HKCU" and pointing to "<$SYSDIR>Avira.exe".
  • Entries named "HKLM" and pointing to "<$SYSDIR>Avira.exe".

Important: There are more autorun entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PERSONAL>DCSCMINIMDCSC.exe".
  • The file at "<$SYSDIR>Avira.exe".
Make sure you set your file manager to display hidden and system files. If Win32.DarkKomet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PERSONAL>DCSCMIN".
Make sure you set your file manager to display hidden and system files. If Win32.DarkKomet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{775H8T7N-A5A6-W00C-Y08I-6P5Y2VU4N2M8}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components".
  • Delete the registry value "NewIdentification" at "HKEY_CURRENT_USERSoftwareAvira".
  • Delete the registry value "Policies" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun".
  • Delete the registry value "Policies" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun".
  • Remove "<$PERSONAL>DCSCMINIMDCSC.exe" from registry value "Userinit" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon".
  • Remove "<regexpr>[0-9//] -- [0-9/:] " from registry value "FirstExecution" at "HKEY_CURRENT_USERSoftwareAvira".
If Win32.DarkKomet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.SwiftBrowse

The following instructions have been created to help you to get rid of "Ad.SwiftBrowse" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.SwiftBrowse is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://swiftbrowse.net/Privacy
Links (be careful!):
: ttp://swiftbrowse.net
: ttp://swiftbrowse.net/Download
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$LOCALAPPDATA>tempswiftbrowse_s3.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.BOAS.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.Bromon.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.BroStats.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.BRT.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.DspSvc.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.ExpExt.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.FeSvc.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.OfSvc.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinpluginsSwiftBrowse.Repmon.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.BOAS.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.ExpExt.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowse.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowseBA.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowseBAApp.dll".
  • The file at "<$PROGRAMFILES>Swift BrowsebinSwiftBrowseBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>Swift BrowsebinutilSwiftBrowse.exe".
  • The file at "<$PROGRAMFILES>Swift Browsejgapglgghagmhogfjkdlnnmbdfddeedb.crx".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowse.Common.dll".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowse.FirstRun.exe".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowse.ico".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowseBHO.dll".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowseOPC.exe".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowseozr.exe".
  • The file at "<$PROGRAMFILES>Swift BrowseSwiftBrowseuninstall.exe".
  • The file at "<$PROGRAMFILES>Swift Browseupdater.exe".
  • The file at "<$PROGRAMFILES>Swift BrowseupdateSwiftBrowse.exe".
Make sure you set your file manager to display hidden and system files. If Ad.SwiftBrowse uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Swift Browsebinplugins".
  • The directory at "<$PROGRAMFILES>Swift Browsebin".
  • The directory at "<$PROGRAMFILES>Swift Browse".
Make sure you set your file manager to display hidden and system files. If Ad.SwiftBrowse uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{47ADEAA5-2986-44B2-A914-5D8516E58443}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{79F2E347-1D36-4E2E-A676-76550A20D541}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{808dc83c-d35b-4fba-a5b5-9a52103204df}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{808dc83c-d35b-4fba-a5b5-9a52103204df}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "SwiftBrowse" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "SwiftBrowse" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update SwiftBrowse" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update SwiftBrowse" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update SwiftBrowse" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.SwiftBrowse uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.RavingReyven

The following instructions have been created to help you to get rid of "Ad.RavingReyven" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.RavingReyven is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
: ttp://wwwravingreyvenm-a.akamaihd.net
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BOAS.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.Bromon.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BroStats.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BrowserFilter.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.BRT.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.DspSvc.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.ExpExt.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.FeSvc.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.OfSvc.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinpluginsravingreyven.Repmon.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.BOAS.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.ExpExt.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyven.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyvenBA.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyvenBAApp.dll".
  • The file at "<$PROGRAMFILES>raving reyvenbinravingreyvenBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>raving reyvenbinutilravingreyven.exe".
  • The file at "<$PROGRAMFILES>raving reyvenravingreyven.Common.dll".
  • The file at "<$PROGRAMFILES>raving reyvenravingreyven.FirstRun.exe".
  • The file at "<$PROGRAMFILES>raving reyvenravingreyven.ico".
  • The file at "<$PROGRAMFILES>raving reyvenravingreyvenBHO.dll".
  • The file at "<$PROGRAMFILES>raving reyvenravingreyvenuninstall.exe".
  • The file at "<$PROGRAMFILES>raving reyvenupdater.exe".
  • The file at "<$PROGRAMFILES>raving reyvenupdateravingreyven.exe".
Make sure you set your file manager to display hidden and system files. If Ad.RavingReyven uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>raving reyvenbinplugins".
  • The directory at "<$PROGRAMFILES>raving reyvenbin".
  • The directory at "<$PROGRAMFILES>raving reyven".
Make sure you set your file manager to display hidden and system files. If Ad.RavingReyven uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "raving reyven" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "raving reyven" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update raving reyven" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update raving reyven" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update raving reyven" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareraving reyven".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareraving reyven".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareraving reyven".
If Ad.RavingReyven uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.GrooveDock

The following instructions have been created to help you to get rid of "Ad.GrooveDock" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.GrooveDock is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://groovedock.net/Privacy
Links (be careful!):
: ttp://groovedock.net
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.BOAS.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.ExpExt.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDock.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDockBA.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDockBAApp.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinGrooveDockBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.BOAS.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.Bromon.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.BroStats.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.BRT.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.DspSvc.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.ExpExt.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.FeSvc.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.OfSvc.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinpluginsGrooveDock.Repmon.dll".
  • The file at "<$PROGRAMFILES>GrooveDockbinutilGrooveDock.exe".
  • The file at "<$PROGRAMFILES>GrooveDockGrooveDock.Common.dll".
  • The file at "<$PROGRAMFILES>GrooveDockGrooveDock.FirstRun.exe".
  • The file at "<$PROGRAMFILES>GrooveDockGrooveDock.ico".
  • The file at "<$PROGRAMFILES>GrooveDockGrooveDockBHO.dll".
  • The file at "<$PROGRAMFILES>GrooveDockGrooveDockuninstall.exe".
  • The file at "<$PROGRAMFILES>GrooveDockldhpeopkenpbohbeaohdhfgkjjjijneb.crx".
  • The file at "<$PROGRAMFILES>GrooveDockupdateGrooveDock.exe".
  • The file at "<$PROGRAMFILES>GrooveDockupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.GrooveDock uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsldhpeopkenpbohbeaohdhfgkjjjijneb1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsldhpeopkenpbohbeaohdhfgkjjjijneb".
  • The directory at "<$PROGRAMFILES>GrooveDockbinplugins".
  • The directory at "<$PROGRAMFILES>GrooveDockbin".
  • The directory at "<$PROGRAMFILES>GrooveDock".
Make sure you set your file manager to display hidden and system files. If Ad.GrooveDock uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{2859a0e0-fe33-407f-80c2-8bef77bdb439}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{2859a0e0-fe33-407f-80c2-8bef77bdb439}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{C690CCD2-2A9F-4D22-A9F4-B78AF92091F9}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{F2779EC2-8DFB-4894-B850-E4665D16AB3B}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "GrooveDock" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "GrooveDock" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update GrooveDock" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update GrooveDock" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update GrooveDock" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareGrooveDock".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareGrooveDock".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareGrooveDock".
If Ad.GrooveDock uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.SizlSearch

The following instructions have been created to help you to get rid of "Ad.SizlSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.SizlSearch is a browser add-on that displays advertisements and sponsored links.
Links (be careful!):
: ttp://sizlsearch.net
: ttp://sizlsearch.net/Contact
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.BOAS.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.Bromon.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.BroStats.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.BRT.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.DspSvc.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.ExpExt.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.FeSvc.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.OfSvc.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinpluginssizlsearch.Repmon.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.BOAS.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.ExpExt.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearch.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearchBA.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearchBAApp.dll".
  • The file at "<$PROGRAMFILES>sizlsearchbinsizlsearchBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>sizlsearchbinutilsizlsearch.exe".
  • The file at "<$PROGRAMFILES>sizlsearchinglknhicnomibbnhdnhbkmncldebfcb.crx".
  • The file at "<$PROGRAMFILES>sizlsearchsizlsearch.Common.dll".
  • The file at "<$PROGRAMFILES>sizlsearchsizlsearch.FirstRun.exe".
  • The file at "<$PROGRAMFILES>sizlsearchsizlsearch.ico".
  • The file at "<$PROGRAMFILES>sizlsearchsizlsearchBHO.dll".
  • The file at "<$PROGRAMFILES>sizlsearchsizlsearchUn.exe".
  • The file at "<$PROGRAMFILES>sizlsearchsizlsearchuninstall.exe".
  • The file at "<$PROGRAMFILES>sizlsearchupdater.exe".
  • The file at "<$PROGRAMFILES>sizlsearchupdatesizlsearch.exe".
Make sure you set your file manager to display hidden and system files. If Ad.SizlSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsinglknhicnomibbnhdnhbkmncldebfcb1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsinglknhicnomibbnhdnhbkmncldebfcb".
  • The directory at "<$PROGRAMFILES>sizlsearchbinplugins".
  • The directory at "<$PROGRAMFILES>sizlsearchbin".
  • The directory at "<$PROGRAMFILES>sizlsearch".
Make sure you set your file manager to display hidden and system files. If Ad.SizlSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{15AE08DB-FBB7-4F64-9795-F14A1640F072}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{36d96925-abfa-4eb8-b630-305e905a930d}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{36d96925-abfa-4eb8-b630-305e905a930d}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{AD36574C-B9D6-4579-A839-8EABE783778B}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "sizlsearch" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "sizlsearch" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update sizlsearch" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update sizlsearch" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update sizlsearch" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwaresizlsearch".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwaresizlsearch".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwaresizlsearch".
If Ad.SizlSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Laflurla

The following instructions have been created to help you to get rid of "Ad.Laflurla" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.Laflurla is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.laflurla.com/Privacy
Links (be careful!):
: ttp://www.laflurla.com/
: ttp://www.laflurla.com/Terms
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BOAS.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.ExpExt.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurla.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurlaBA.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurlaBAApp.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinLaflurlaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BOAS.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.Bromon.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BroStats.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.BRT.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.DspSvc.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.ExpExt.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.FeSvc.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.OfSvc.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinpluginsLaflurla.Repmon.dll".
  • The file at "<$PROGRAMFILES>LaflurlabinutilLaflurla.exe".
  • The file at "<$PROGRAMFILES>Laflurlafkmpjkomnpflaenmiccjmbkaapicalje.crx".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.Common.dll".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.FirstRun.exe".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.ico".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurla.xml".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurlaBHO.dll".
  • The file at "<$PROGRAMFILES>LaflurlaLaflurlauninstall.exe".
  • The file at "<$PROGRAMFILES>LaflurlaupdateLaflurla.exe".
  • The file at "<$PROGRAMFILES>Laflurlaupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Laflurla uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsfkmpjkomnpflaenmiccjmbkaapicalje1.0.1_0".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableExtensionsfkmpjkomnpflaenmiccjmbkaapicalje".
  • The directory at "<$APPDATA>Opera SoftwareOpera StableLocal Extension Settingsfkmpjkomnpflaenmiccjmbkaapicalje".
  • The directory at "<$PROGRAMFILES>Laflurlabinplugins".
  • The directory at "<$PROGRAMFILES>Laflurlabin".
  • The directory at "<$PROGRAMFILES>Laflurla".
Make sure you set your file manager to display hidden and system files. If Ad.Laflurla uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{50A6B23F-0055-41B7-AF2D-6689B24022A0}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{b4a89cd3-c5f5-49c4-abcf-5f26d636476f}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{b4a89cd3-c5f5-49c4-abcf-5f26d636476f}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{F1EC172A-3FEC-4FEF-A218-13F15E1B8C8D}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareLaflurla".
  • Delete the registry key "laflurla.com" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "Laflurla" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Laflurla" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update Laflurla" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Laflurla" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Laflurla" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareLaflurla".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareLaflurla".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareLaflurla".
If Ad.Laflurla uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for PU.PassFinder

The following instructions have been created to help you to get rid of "PU.PassFinder" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • pups

Description:
PU.PassFinder offers to install a Pass Finder or Pass Revelator application. In order to install this software a user has to purchase a code via SMS payment.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$LOCALSETTINGS>TempInfoTrig.exe".
  • The file at "<$LOCALSETTINGS>TempInfoTriggerSetup.exe".
Make sure you set your file manager to display hidden and system files. If PU.PassFinder uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Utilocean

The following instructions have been created to help you to get rid of "Ad.Utilocean" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.Utilocean installs adware files of Korean origin into the program files directory. The 'Utilocean' autostart entry ensures restarting of this adware on every reboot.
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "UtilOcean" and pointing to "<$PROGRAMFILES>Utilocean*.exe".
  • Entries named "UtilOcean" and pointing to "<$PROGRAMFILES>Utiloceanutiloceanup.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>UtiloceanUninstall.exe".
  • The file at "<$PROGRAMFILES>UtiloceanUninstall.ini".
  • The file at "<$PROGRAMFILES>Utiloceanutiloceandn.exe".
  • The file at "<$PROGRAMFILES>Utiloceanutiloceanup.exe".
  • The file at "<$WINDIR>fileupinst.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Utilocean uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Utilocean".
Make sure you set your file manager to display hidden and system files. If Ad.Utilocean uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "utilocean" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Utilocean" at "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "utiloceancc" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion".
If Ad.Utilocean uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.ProductivityPro

The following instructions have been created to help you to get rid of "Ad.ProductivityPro" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.ProductivityPro is a browser add-on that displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>productivitypro562B20E1-AA3B-4E6F-B1E4-129A1E115D4C.dll".
  • The file at "<$PROGRAMFILES>productivitypro7za.exe".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BOAS.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.Bromon.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BroStats.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.BRT.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.DspSvc.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.ExpExt.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.FeSvc.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.OfSvc.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>productivityprobinpluginsproductivitypro.Repmon.dll".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BOAS.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.ExpExt.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivitypro.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>productivityprobinproductivityproBA.dll".
  • The file at "<$PROGRAMFILES>productivityprobinproductivityproBAApp.dll".
  • The file at "<$PROGRAMFILES>productivityprobinproductivityproBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>productivityprobinutilproductivitypro.exe".
  • The file at "<$PROGRAMFILES>productivityproproductivitypro.Common.dll".
  • The file at "<$PROGRAMFILES>productivityproproductivitypro.FirstRun.exe".
  • The file at "<$PROGRAMFILES>productivityproproductivitypro.ico".
  • The file at "<$PROGRAMFILES>productivityproproductivityproBHO.dll".
  • The file at "<$PROGRAMFILES>productivityproproductivityproUninstall.exe".
  • The file at "<$PROGRAMFILES>productivityproupdateproductivitypro.exe".
  • The file at "<$PROGRAMFILES>productivityproupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.ProductivityPro uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>productivityprobinplugins".
  • The directory at "<$PROGRAMFILES>productivityprobin".
  • The directory at "<$PROGRAMFILES>productivitypro".
Make sure you set your file manager to display hidden and system files. If Ad.ProductivityPro uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{8a2c5e13-0350-4a01-aa66-9343849cff79}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{8a2c5e13-0350-4a01-aa66-9343849cff79}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{8C28EFEC-318A-4BDA-B8FB-95243BB5AC17}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{B770C4CE-9263-4066-8E83-46B1A2965427}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINESOFTWAREproductivitypro".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USERSoftwareproductivitypro".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINESOFTWAREproductivitypro".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareproductivitypro".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINESOFTWAREproductivitypro".
  • Delete the registry key "productivitypro" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "productivitypro" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "productivitypro" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Update productivitypro" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update productivitypro" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update productivitypro" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareproductivitypro".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareproductivitypro".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareproductivitypro".
If Ad.ProductivityPro uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.PigSearch

The following instructions have been created to help you to get rid of "Ad.PigSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.PigSearch installs into the program files directory and provides search data to Chinese servers in order to display advertising.
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "MoveSearch" and pointing to "<$PROGRAMFILES>wsearchSearch.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>wsearch_uninstall".
  • The file at "<$PROGRAMFILES>wsearchallverx.dat".
  • The file at "<$PROGRAMFILES>wsearchMouse1.dll".
  • The file at "<$PROGRAMFILES>wsearchmUninstall.exe".
  • The file at "<$PROGRAMFILES>wsearchmupdate.exe".
  • The file at "<$PROGRAMFILES>wsearchSearch.exe".
  • The file at "<$PROGRAMFILES>wsearchSearchM.dll".
Make sure you set your file manager to display hidden and system files. If Ad.PigSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>wsearch".
Make sure you set your file manager to display hidden and system files. If Ad.PigSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • A key in HKEY_CLASSES_ROOT named "SearchM.Com.1", plus associated values.
  • A key in HKEY_CLASSES_ROOT named "SearchM.Com", plus associated values.
  • Delete the registry key "{594BE7B2-23B0-4FAE-A2B9-0C21CC1417CE}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{A07E6B9B-BB30-4381-A9D8-FABB0648BCEF}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{C5CE084B-31E0-4B34-A33A-82B4EA913CF8}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "Pig Move Search" at "HKEY_CURRENT_USERSoftware".
If Ad.PigSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Norpalla

The following instructions have been created to help you to get rid of "Ad.Norpalla" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.Norpalla claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://wwwnorpallacom-a.akamaihd.net/Privacy
Links (be careful!):
: ttp://www.norpalla.com
: ttp://www.norpalla.com/favicon.ico
: ttp://wwwnorpallacom-a.akamaihd.net
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BOAS.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.ExpExt.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpalla.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>NorpallabinNorpallaBA.dll".
  • The file at "<$PROGRAMFILES>NorpallabinNorpallaBAApp.dll".
  • The file at "<$PROGRAMFILES>NorpallabinNorpallaBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BOAS.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.Bromon.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BroStats.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.BRT.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.DspSvc.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.ExpExt.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.FeSvc.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.OfSvc.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>NorpallabinpluginsNorpalla.Repmon.dll".
  • The file at "<$PROGRAMFILES>NorpallabinutilNorpalla.exe".
  • The file at "<$PROGRAMFILES>NorpallaNorpalla.Common.dll".
  • The file at "<$PROGRAMFILES>NorpallaNorpalla.FirstRun.exe".
  • The file at "<$PROGRAMFILES>NorpallaNorpalla.ico".
  • The file at "<$PROGRAMFILES>NorpallaNorpallaBHO.dll".
  • The file at "<$PROGRAMFILES>NorpallaNorpallauninstall.exe".
  • The file at "<$PROGRAMFILES>NorpallaupdateNorpalla.exe".
  • The file at "<$PROGRAMFILES>Norpallaupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Norpalla uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Norpallabinplugins".
  • The directory at "<$PROGRAMFILES>Norpallabin".
  • The directory at "<$PROGRAMFILES>Norpalla".
Make sure you set your file manager to display hidden and system files. If Ad.Norpalla uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "Norpalla" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Norpalla" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update Norpalla" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Norpalla" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Norpalla" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.Norpalla uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Zebar

The following instructions have been created to help you to get rid of "Ad.Zebar" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.Zebar is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.metalzebar.com/Privacy
Links (be careful!):
: ttp://www.metalzebar.com/
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.BOAS.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.Bromon.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.BroStats.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.BRT.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.DspSvc.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.ExpExt.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.FeSvc.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.OfSvc.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>ZebarbinpluginsZebar.Repmon.dll".
  • The file at "<$PROGRAMFILES>ZebarbinutilZebar.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.BOAS.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.ExpExt.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebar.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>ZebarbinZebarBA.dll".
  • The file at "<$PROGRAMFILES>ZebarbinZebarBAApp.dll".
  • The file at "<$PROGRAMFILES>ZebarbinZebarBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>Zebarupdater.exe".
  • The file at "<$PROGRAMFILES>ZebarupdateZebar.exe".
  • The file at "<$PROGRAMFILES>ZebarZebar.Common.dll".
  • The file at "<$PROGRAMFILES>ZebarZebar.exe".
  • The file at "<$PROGRAMFILES>ZebarZebar.FirstRun.exe".
  • The file at "<$PROGRAMFILES>ZebarZebar.ico".
  • The file at "<$PROGRAMFILES>ZebarZebarBHO.dll".
  • The file at "<$PROGRAMFILES>ZebarZebaruninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Zebar uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Zebarbinplugins".
  • The directory at "<$PROGRAMFILES>Zebarbin".
  • The directory at "<$PROGRAMFILES>Zebar".
Make sure you set your file manager to display hidden and system files. If Ad.Zebar uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "metalzebar.com" at "HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDOMStorage".
  • Delete the registry key "Update Zebar" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Zebar" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Zebar" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "Zebar" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Zebar" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
If Ad.Zebar uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.Yulasee

The following instructions have been created to help you to get rid of "Ad.Yulasee" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.Yulasee claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.Bromon.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.BroStats.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.FeSvc.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>YulabinpluginsYulasee.Repmon.dll".
  • The file at "<$PROGRAMFILES>YulabinutilYulasee.exe".
  • The file at "<$PROGRAMFILES>YulabinYulasee.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>YulabinYulasee.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>YulabinYulasee.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>YulabinYulaseeBA.dll".
  • The file at "<$PROGRAMFILES>YulabinYulaseeBAApp.dll".
  • The file at "<$PROGRAMFILES>Yulaupdater.exe".
  • The file at "<$PROGRAMFILES>YulaupdateYulasee.exe".
  • The file at "<$PROGRAMFILES>YulaYulasee.FirstRun.exe".
  • The file at "<$PROGRAMFILES>YulaYulasee.ico".
  • The file at "<$PROGRAMFILES>YulaYulaseebho.dll".
  • The file at "<$PROGRAMFILES>YulaYulaseeuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.Yulasee uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Yulabinplugins".
  • The directory at "<$PROGRAMFILES>Yulabin".
  • The directory at "<$PROGRAMFILES>Yula".
Make sure you set your file manager to display hidden and system files. If Ad.Yulasee uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{9df76084-393c-4ad9-99b5-79e0a157895d}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9df76084-393c-4ad9-99b5-79e0a157895d}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Update Yula" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Yula" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Yula" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "Yula" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Yula" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Yula" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry value "drp" at "HKEY_LOCAL_MACHINESOFTWAREYula".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareYula".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareYula".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareYula".
If Ad.Yulasee uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.WebGet

The following instructions have been created to help you to get rid of "Ad.WebGet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.WebGet is a browser add-on that displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>webgetbinpluginswebget.Bromon.dll".
  • The file at "<$PROGRAMFILES>webgetbinpluginswebget.BroStats.dll".
  • The file at "<$PROGRAMFILES>webgetbinpluginswebget.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>webgetbinpluginswebget.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>webgetbinpluginswebget.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>webgetbinpluginswebget.Repmon.dll".
  • The file at "<$PROGRAMFILES>webgetbinutilwebget.exe".
  • The file at "<$PROGRAMFILES>webgetbinwebget.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>webgetbinwebget.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>webgetbinwebget.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>webgetbinwebgetBA.dll".
  • The file at "<$PROGRAMFILES>webgetbinwebgetBAApp.dll".
  • The file at "<$PROGRAMFILES>webgetupdatewebget.exe".
  • The file at "<$PROGRAMFILES>webgetwebget.FirstRun.exe".
  • The file at "<$PROGRAMFILES>webgetwebget.ico".
  • The file at "<$PROGRAMFILES>webgetwebgetbho.dll".
  • The file at "<$PROGRAMFILES>webgetwebgetuninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.WebGet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>webgetbinplugins".
  • The directory at "<$PROGRAMFILES>webgetbin".
  • The directory at "<$PROGRAMFILES>webget".
Make sure you set your file manager to display hidden and system files. If Ad.WebGet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{0a4aa078-e14f-4459-901a-d5f6acb22dd6}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{14f95421-c981-4820-954e-d83c8537f54c}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{14f95421-c981-4820-954e-d83c8537f54c}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{c55f8204-eff9-4ea1-b541-49253667eb29}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{dc264a72-fa75-4948-b881-ea8eff8e5dd2}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{dc264a72-fa75-4948-b881-ea8eff8e5dd2}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Update webget" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update webget" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update webget" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "webget" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "webget" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwarewebget".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwarewebget".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwarewebget".
If Ad.WebGet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.WebFrog

The following instructions have been created to help you to get rid of "Ad.WebFrog" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.WebFrog is a browser add-on that displays advertisements and sponsored links.
Privacy Statement:
http://www.webfrog.co/Privacy
Links (be careful!):
: ttp://www.webfrog.co
: ttp://wwwwebfrogco-a.akamaihd.net
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BOAS.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.Bromon.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BroStats.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.BRT.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.DspSvc.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.ExpExt.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.FeSvc.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.OfSvc.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinpluginsWebFrog.Repmon.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinutilWebFrog.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BOAS.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.ExpExt.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrog.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrogBA.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrogBAApp.dll".
  • The file at "<$PROGRAMFILES>Web FrogbinWebFrogBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>Web Frogfirefox@webfrog.co.xpi".
  • The file at "<$PROGRAMFILES>Web Frogupdater.exe".
  • The file at "<$PROGRAMFILES>Web FrogupdateWebFrog.exe".
  • The file at "<$PROGRAMFILES>Web FrogWebFrog.Common.dll".
  • The file at "<$PROGRAMFILES>Web FrogWebFrog.FirstRun.exe".
  • The file at "<$PROGRAMFILES>Web FrogWebFrog.ico".
  • The file at "<$PROGRAMFILES>Web FrogWebFrogBHO.dll".
  • The file at "<$PROGRAMFILES>Web FrogWebFroguninstall.exe".
Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Web Frogbinplugins".
  • The directory at "<$PROGRAMFILES>Web Frogbin".
  • The directory at "<$PROGRAMFILES>Web Frog".
Make sure you set your file manager to display hidden and system files. If Ad.WebFrog uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{08F912CE-C6DF-4557-99E3-90FDE95EB1A5}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{2840C6AA-D471-468E-98F7-C316A1E444EB}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{96850e3d-7a6b-49ff-b395-31430016c5ed}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "Chrome" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry key "Firefox" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry key "Firefox" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry key "Internet Explorer" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update WebFrog" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
  • Delete the registry key "Web Frog" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINESOFTWARE".
  • Delete the registry key "Web Frog" at "HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry value "id" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry value "iid" at "HKEY_CURRENT_USERSoftwareWeb Frog".
  • Delete the registry value "iid" at "HKEY_LOCAL_MACHINESOFTWAREWeb Frog".
  • Delete the registry value "is" at "HKEY_CURRENT_USERSoftwareWeb Frog".
If Ad.WebFrog uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.GreenerWeb

The following instructions have been created to help you to get rid of "Ad.GreenerWeb" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.GreenerWeb is a browser add-on that displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>Greener Webbin{a3f28269-ad17-41a8-b032-3e0313ef8979}.dll".
  • The file at "<$PROGRAMFILES>Greener Webbin{a3f28269-ad17-41a8-b032-3e0313ef8979}64.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWeb.BOAS.exe".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWeb.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWeb.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWeb.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWeb.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWeb.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWebBA.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinGreenerWebBAApp.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsDizzyDing.DspSvc.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.BOAS.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.Bromon.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.BroStats.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.FeSvc.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.OfSvc.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinpluginsGreenerWeb.Repmon.dll".
  • The file at "<$PROGRAMFILES>Greener WebbinutilGreenerWeb.exe".
  • The file at "<$PROGRAMFILES>Greener WebGreenerWeb.FirstRun.exe".
  • The file at "<$PROGRAMFILES>Greener WebGreenerWeb.ico".
  • The file at "<$PROGRAMFILES>Greener WebGreenerWebbho.dll".
  • The file at "<$PROGRAMFILES>Greener WebGreenerWebUn.exe".
  • The file at "<$PROGRAMFILES>Greener WebGreenerWebuninstall.exe".
  • The file at "<$PROGRAMFILES>Greener WebupdateGreenerWeb.exe".
  • The file at "<$PROGRAMFILES>Greener Webupdater.exe".
  • The file at "<$SYSDIR>drivers{a3f28269-ad17-41a8-b032-3e0313ef8979}gt.sys".
Make sure you set your file manager to display hidden and system files. If Ad.GreenerWeb uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$LOCALSETTINGS>TempGreener Web".
  • The directory at "<$PROGRAMFILES>Greener Webbinplugins".
  • The directory at "<$PROGRAMFILES>Greener Webbin".
  • The directory at "<$PROGRAMFILES>Greener Web".
Make sure you set your file manager to display hidden and system files. If Ad.GreenerWeb uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{1973d53b-7311-45d7-8270-f44571c041a0}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{1973d53b-7311-45d7-8270-f44571c041a0}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "{3a1beabe-0dc5-4615-8099-83973b843c06}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{D95E57C2-53B3-4C38-BA1E-7980CB5E1803}" at "HKEY_CLASSES_ROOTInterface".
  • Delete the registry key "Greener Web" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "Greener Web" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update Greener Web" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update Greener Web" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update Greener Web" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.GreenerWeb uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.GooterNet

The following instructions have been created to help you to get rid of "Ad.GooterNet" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.GooterNet is a browser add-on that displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>gooternetbingooternet.BOAS.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.ExpExt.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternet.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>gooternetbingooternetBA.dll".
  • The file at "<$PROGRAMFILES>gooternetbingooternetBAApp.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.BOAS.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.Bromon.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.BroStats.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.BRT.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.ExpExt.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.FeSvc.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.OfSvc.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>gooternetbinpluginsgooternet.Repmon.dll".
  • The file at "<$PROGRAMFILES>gooternetbinutilgooternet.exe".
  • The file at "<$PROGRAMFILES>gooternetgooternet.FirstRun.exe".
  • The file at "<$PROGRAMFILES>gooternetgooternet.ico".
  • The file at "<$PROGRAMFILES>gooternetgooternetBHO.dll".
  • The file at "<$PROGRAMFILES>gooternetgooternetuninstall.exe".
  • The file at "<$PROGRAMFILES>gooternetupdategooternet.exe".
  • The file at "<$PROGRAMFILES>gooternetupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.GooterNet uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>gooternetbinplugins".
  • The directory at "<$PROGRAMFILES>gooternetbin".
  • The directory at "<$PROGRAMFILES>gooternet".
Make sure you set your file manager to display hidden and system files. If Ad.GooterNet uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{1e6ade05-77b7-43c7-84c8-f1562fff907b}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{9be122ba-2b3a-41fd-acf8-7a39b18d3ffe}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{9be122ba-2b3a-41fd-acf8-7a39b18d3ffe}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "gooternet" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "gooternet" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update gooternet" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update gooternet" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update gooternet" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.GooterNet uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.DizzyDing

The following instructions have been created to help you to get rid of "Ad.DizzyDing" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.DizzyDing is a browser add-on that displays advertisements and sponsored links.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.BOAS.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDing.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDingBA.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinDizzyDingBAApp.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.BOAS.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.Bromon.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.BroStats.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.DspSvc.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.FeSvc.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.OfSvc.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinpluginsDizzyDing.Repmon.dll".
  • The file at "<$PROGRAMFILES>DizzyDingbinutilDizzyDing.exe".
  • The file at "<$PROGRAMFILES>DizzyDingDizzyDing.FirstRun.exe".
  • The file at "<$PROGRAMFILES>DizzyDingDizzyDing.ico".
  • The file at "<$PROGRAMFILES>DizzyDingDizzyDingbho.dll".
  • The file at "<$PROGRAMFILES>DizzyDingDizzyDingUn.exe".
  • The file at "<$PROGRAMFILES>DizzyDingDizzyDinguninstall.exe".
  • The file at "<$PROGRAMFILES>DizzyDingupdateDizzyDing.exe".
  • The file at "<$PROGRAMFILES>DizzyDingupdater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.DizzyDing uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>DizzyDingbinplugins".
  • The directory at "<$PROGRAMFILES>DizzyDingbin".
  • The directory at "<$PROGRAMFILES>DizzyDing".
Make sure you set your file manager to display hidden and system files. If Ad.DizzyDing uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{93db87b6-a253-470a-bbc6-81b8213ca42a}" at "HKEY_CLASSES_ROOTTypeLib".
  • Delete the registry key "{b57f3d1b-2f97-4686-b2dd-f2bc1ac645e2}" at "HKEY_CLASSES_ROOTCLSID".
  • Delete the registry key "{b57f3d1b-2f97-4686-b2dd-f2bc1ac645e2}" at "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects".
  • Delete the registry key "DizzyDing" at "HKEY_CURRENT_USERSoftware".
  • Delete the registry key "DizzyDing" at "HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUninstall".
  • Delete the registry key "Update DizzyDing" at "HKEY_LOCAL_MACHINESYSTEMControlSet001Services".
  • Delete the registry key "Update DizzyDing" at "HKEY_LOCAL_MACHINESYSTEMControlSet002Services".
  • Delete the registry key "Update DizzyDing" at "HKEY_LOCAL_MACHINESYSTEMControlSet003Services".
If Ad.DizzyDing uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

Manual Removal Guide for Ad.BuzzIt

The following instructions have been created to help you to get rid of "Ad.BuzzIt" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Ad.BuzzIt creates a 'Buzz-it', 'Buzz-it Corp' or 'Buzz-it-soft' folder and copies adware files into it.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>Buzz-it CorpBuzz-it_wd.exe".
  • The file at "<$PROGRAMFILES>Buzz-it CorpBuzz-it157.exe".
  • The file at "<$PROGRAMFILES>Buzz-it Corpbuzz-it158.dll".
  • The file at "<$PROGRAMFILES>Buzz-itBuzz-it_wd.exe".
  • The file at "<$PROGRAMFILES>Buzz-itBuzz-it157.exe".
  • The file at "<$PROGRAMFILES>Buzz-itbuzz-it158.dll".
  • The file at "<$PROGRAMFILES>Buzz-it-softBuzz-it_wd.exe".
  • The file at "<$PROGRAMFILES>Buzz-it-softBuzz-it157.exe".
  • The file at "<$PROGRAMFILES>Buzz-it-softbuzz-it158.dll".
Make sure you set your file manager to display hidden and system files. If Ad.BuzzIt uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>Buzz-it Corp".
  • The directory at "<$PROGRAMFILES>Buzz-it".
  • The directory at "<$PROGRAMFILES>Buzz-it-soft".
Make sure you set your file manager to display hidden and system files. If Ad.BuzzIt uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "Buzz_it" at "HKEY_CURRENT_USERSoftware".
If Ad.BuzzIt uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

There are more registry entries that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Tagged , , |

License System Issues (Fixed)

We are currently experiencing technical issues with our licensing system. We apologise to any customers who have been inconvenienced by this issue.

If you have purchased Spybot from our website recently but your license was not generated or emailed to you, we would like to assure you that your payment was received. When the issues with the licensing system have been fixed, your license will be created and sent to you.

When we have an update on this issue, it will be posted here. You can expect your license to be sent to you soon after this.

This issue has since been fixed and all of our systems are up and running again. We would like to thank anyone affected by this issue for your patience. If you have not already received your purchased license, you can expect to receive this by email within 24 hours.

Spybot Anti-Beacon Analysis and Tutorial

Some users of Spybot Anti-Beacon may be happy to learn that Youtube user Barnacules Nerdgasm has recently released an informative tutorial about disabling telemetry in Windows 10.

In this video, Barnacules installs Spybot Anti-Beacon, and provides a detailed walkthrough of the features and options available in the program.

If you are interested in learning more about how Spybot Anti-Beacon works and what it does, this video should answer any questions you may have.

Link to video

SnapFiles Review

SnapFiles is a website which provides reviews and compiles lists of the best technology products in areas such as Network Security.

Their review of Spybot can be found here:

Review

FileForum Review

Fileforum is a website which provides reviews for technology products.

Their review of Spybot can be found here:

Review

GoodGearGuide Review

GoodGearGuide is an Australian website which specialises in technology news and reviews.

Their review of Spybot can be found here:

Review

SiteJabber Review

SiteJabber is a web-based platform for consumers to find trustworthy online businesses and avoid scams.

Their review of Spybot can be found here:

Review

CNET Review

CNET (stylized as c|net) is an American media website that publishes reviews, news, articles, blogs, podcasts and videos on technology and consumer electronics globally.

Their review of Spybot can be found here:

Review

Spiceworks Review

Spiceworks is an online community where users can collaborate and seek advice from one another and also engage in a marketplace to purchase IT-related services and products. The network is estimated to be used by more than six million IT professionals and 3,000 technology vendors.

Their review of Spybot can be found here:

Review

Spybot Anti-Beacon Privacy-Protection Tool

Spybot Anti-Beacon is a simple, portable and free tool built by Safer-Networking Ltd. It was designed to disable the various tracking (telemetry) features present in Windows 10. It has since been modified to disable similar tracking functionality in Windows 7, Windows 8 and Windows 8.1 operating systems.

As many Windows users may know, updates were released recently for these operating systems which included options to automatically send usage data to Microsoft to help improve their products. Instructions for disabling these new updates, and the features associated with them, began to be circulated on the internet almost immediately by privacy-concerned users. Many of these instructions were incorrect or incomplete, so we have created Spybot Anti-Beacon to disable all known telemetry options with the click of a button.

Spybot Anti-Beacon is updated regularly to include any new telemetry options added. This means that users no longer have to worry if there is still a telemetry option enabled that they may have missed manually, or that a new telemetry option has been included in a recent update for their operating system.

For more information about Spybot Anti-Beacon, or to download this tool, see the main page for this tool.

Spybot 1.6 and sbNet Update Issue

Update (24-08-15): This issue has since been resolved.

We are currently experiencing issues providing our latest updates for Spybot 1.6 and sbNet Business Edition users. We are working on this around the clock and expect to have this problem fixed soon.

Users of Spybot 2.0 and above, or the Corporate or Technician Business Editions, should not experience any issues regarding updates.

We apologise for any inconvenience this issue has caused.

Spybot 2.5 Compatibility

Spybot 2.5 is soon to be released for download. While it may look the same as version 2.4, there have been some changes made to this version to ensure compatibility with Microsoft’s new Windows 10.

Unfortunately, these changes mean Spybot 2.5 is not compatible with Windows XP. Users of Windows XP are advised to continue to use version 2.4 for now.

If you are installing Spybot using your license file, version 2.5 may also be automatically installed. For this reason, XP users are advised to install Spybot 2.4 Free Edition from any of the links provided on our mirrors page, and then run the license file to apply it to the Free Edition of Spybot 2.4 which you installed.

Spybot 2.4 and Windows 10

Spybot 2.4 runs fine on current Windows 10 test versions, even if the Windows Upgrade Advisor advises otherwise.

Microsoft has announced, on a page no longer online, that they will uninstall antimalware software on an Windows 10 upgrade, and re-install it only for those with a valid subscription.

In our tests, current builds of Windows 10 do not show this behaviour yet. And so far, no one at Microsoft seems to know or be able to tell how a valid subscription is defined.

Should the upgrade, once it is published on July 29th, remove Spybot, please re-install Spybot. Customers of paid editions can use the email link they received.

If it should become necessary and possible for us to update Spybot to make the Windows upgrade easier, we’ll react immediately and release Spybot 2.5 to cover Microsofts requirements.

Malware removal guides

Not all malware, spyware or viruses can be removed automatically by software. Some intrusive software can only be removed manually. Safer-Networking Ltd, as well as providing a free edition of their malware removal tool Spybot Search & Destroy, also provide free malware removal guides. You can access this valuable resource here:
https://forums.spybot.info/forumdisplay.php?54-Malware-Removal-Guides

Spybot in Croatian is here!

Croatian flag
Your favourite antivirus and anti-malware internet security software, Spybot – Search and Destroy, is now available in Croatian!

To change to the language settings within Spybot select ‘Advanced User Mode’, choose Settings/Language and select your language from the list.

Spybot is currently available in: English, German, Russian, Spanish, French, Croatian, Hungarian, Italian, Polish and Ukrainian.

Our translators are working hard to continue to provide multilingual support for our users. Keep an eye on our News section for all the latest updates, including information on new languages to be added.

 

Spybot will soon be available in Croatian

We will soon be adding Croatian to the list of languages that Spybot is provided in. For all the Croatian-speaking people who have been waiting anxiously for this, we are proud to say that your favourite antivirus and anti-malware software will soon be available in your native language.

To change to the language settings within Spybot select ‘Advanced User Mode’, choose Settings/Language and select your language from the list.

Se habla español!

We have finally completed the Spanish translation of the Spybot user interface and it will be available for those who update their software after 30th July.

Spybot-S&D Start Center in Spanish

Spybot-S&D in Spanish

Now our loyal Spanish speaking users will be able to access all functions of our antimalware software in their native tongue. To change to the language settings within Spybot select ‘Advanced User Mode’, choose Settings/Language and select your language from the list. It is as easy as that!

Ransom and Blackmail DDoS— who’s really behind this?

Ransom and extortion is no longer reserved for sensational news and bad movies; cyber hackers are diving headfirst into this growing area of criminality. Hackers know you care dearly for your website, and they expect your protective instinct will translate into a quick payday.

Unwelcome News

Your website just went offline for 20 minutes. Few minutes later you see a strange message in your inbox that reads: “I have a DDoS army ready to attack. Pay $300 in 24 hours or I will crash your website again. Good day!” You hoped this day wouldn’t come. When you are operating a successful website, this is the last message you want to receive.

Unfortunately this type of message is more common than ever. Companies are being held against their will with ransom DDoS in this pattern. Hackers send a ‘warning shot’; just a couple Gbs of traffic to show you they mean business. Then the ransom note demanding your compliance or they will hit you even harder.

So how do you get out of this jam unscathed? Let’s examine recent ransom activity to see how you should respond to hacker threats.

DDoS is as easy as Pie

From the beginning of 2014 the cyber security industry has recorded some disconcerting trends regarding Distributed Denial of Service (DDoS) “ransom attacks”. To put this trend into numbers, according to security provider Incapsula, reports of DDoS ransom threats have increased from “one or two a week” to “once or twice every other day.”

But, to what do we owe this unwelcome surge in ransom DDoS threats occurrence?

Well, for one, this new trend is a result of technological improvements that made it easier (and cheaper) than ever to command DDoS botnets.

After all our infrastructures are constantly improving. Better networks also mean higher power attacks. These are dangerous tools for those who would misuse their potential.

Moreover, increased global Internet access also facilitates the evolution of botnet malware, as more and more underdeveloped and un-secured networks are added to the general pool.

Of course there are many reasons for this uptick. Yet, whatever those reasons are, the bottom line remains the same: today, DDoS attacks cost next to nothing to execute. And, with new and widely available “botnets for hire” services, they could be initiated by everyone, not only for ransom but also out of spite or sheer boredom.

Ransom DDoS – Modus Operandi

It’s interesting to note some of the common themes that appeared time and time again, in the latest ransom DDoS attacks.

Shifting the Attention

Oddly enough, many low-level hackers will tailor their message to their target as a thinly veiled threat from a rival company.

The point of this tactic could be to create a red herring in the target company’s ensuing investigation of the threat, but the more likely motivation is to instill a feeling of paranoia in the target.

Also, companies tend to make rash decisions (like pay an uncreative hacker) when they feel their enemies are bearing down on them.

Small Price to Pay

DDoS has become so easy, one can execute a DDoS attack for 20-30 USD at a time. This ease-of-use also drives down the average ransom price to a 300-700 USD. This is obviously just “pocket change” for many websites, and some would be inclined to pay up, but before they do they need to look at the bigger picture.

One issue with paying the initial ransom is the possibility of a second threat. After all, if the hacker knows that you’ll pay up, what is stopping them from coming at you again, with harsher demands?

Also, word of a vulnerable site that is susceptible to ransom DDoS demands gets around. Even if the first hacker honors his/hers word, what’s to stop someone else from trying to shake you down with another DDoS threat down the road?

Stingy Copywriting

Creative writing is not one of hacker’s strong suits. If you can believe it, the ransom email sent to Meetup was the exact same sent to a big Israeli website, and several others as well.

Hackers hiding behind the same block of text are likely trying throw off the scent in a counter investigation.

Who’s really behind these Ransom DDoS Attacks?

Considering the size of these attacks and the sloppy methods of execution – not to mention the pocket change ransom asks – these threats look like a work of so called “script kiddies” – amateurish hackers that use someone else’s tools to turn a quick profit.

spybotThis doesn’t mean that these “attention hackers” aren’t dangerous. Still, when you do get that ransom email, it helps to know what you are up against. After all, knowing is half of the battle.

New Spybot 2.4 fixes several updating problems

Responding to user reports we released Spybot 2.4 today which fixes some bugs in Spybot’s Updater:

  • problems when bdcore.dll is updated (only Spybot +AV editions)
  • for antivirus updates the proxy settings were ignored (only Spybot +AV editions)
  • we rephrased the message that is printed when no new updates are available to be more user-friendly
  • for users of the Polish translation of Spybot, updating was broken

If you are experiencing problems updating signatures you should install this version. All
other users may skip this release.

Please download the new version from here:

Download

(File size: 45 MB, MD5 sum: E0797E7358557BE996F1F367D1F1E0FC)

Version 2.3, a more user orientated version of Spybot has now been released

In response to the latest techniques used by malware developers we have added new enhanced detection methods. This means better protection against the new wave of spyware, rootkits  and viruses.

Scanning and cleaning is now much faster. We have ‘tweaked’ our scanning engine so it now scans faster and some cleaning tasks are now fully automated.

We have also made certain features of Spybot easier to access from the user interface at the request of our customers, many of whom gave us very useful feedback. There have also been many other functional improvements and enhancements.

For example:

  • Improved Startup Tools. These powerful tools now work with even the latest Windows Operating Systems.
  • SDScan now runs automatically with escalated privileges. This means no more annoying restarts and no need to run SDCleaner.

Furthermore we have added an exciting new ‘Notifications’ feature:

Spybot can now be configured to send the results of scans on your PC to your mobile device, server, chat or website. You no longer have to wait around while Spybot is doing a scan. As soon as your scan finishes a message will be sent to your chosen recipient and you will be informed of possible threats. This means you can react and make decisions on what action to take much faster.

Download

(File size 45 MB, MD5 checksum: 99486b7c771bd3049fba3333ed848711)

The public beta test of the next release of Spybot +AV is now finished

The public beta test of the next release of Spybot +AV is now finished.

Many thanks to our many beta testers who gave a lot of constructive feedback to our team.
This is the reason, why we decided that this time the winners of the 7 Professional Edition Licenses are all those who left their email addresses.

There will be a final phase of bug fixes, tweaks and internal testing before the release candidate will be published. As there were no major bugs reported, this will not take very long.

Updates around Christmas and New Year

Due to the fact that Christmas and New Year are on a Wednesday this season, we will postpone the antispyware updates to the Friday after Christmas and New Year respectively.

We wish all of you a peaceful and quiet time and a Happy New Year!

New Spybot 2.2 to support Windows® 8.1

Microsoft will soon be releasing version 8.1 of their Windows® operating system.

While testing Windows 8.1 for Spybot +AV compatibility, we encountered changes to the Windows® Security Center and some other security techniques that made an update to Spybot necessary.

Release 2.2 of Spybot will incorporate these modifications in order to ensure compatibility with Windows® 8.1. All other changes are minor, which means that you will not need to upgrade from Spybot 2.1 to 2.2 unless you are planning on switching to Windows® 8.1.

Download

(File size 39 MB, MD5 checksum: 66debfc4ade6a68e0827457b337bc866)

Spybot 2.1 Service Release

The second service release of Spybot 2.1 is now available. As well as background improvements we have also included updated language files and installation is now smoother. As a result of feedback from users we have also changed the default settings for Internet Protection to give better performance. The Start Center and the tray icon now give you more precise information about the status of options.

Download

(File size 36 MB, MD5 checksum: 5041225B3ACEA99FD34EB9F026AC7D82)

Summertime Giveaway 2013

It’s that time of the year where you would like to spend your money on a six pack of coke, beer or iced tea and not on software licenses, so we decided to host another giveaway of Spybot Professional Edition licenses.

Just use our giveaway options below to like us on Facebook, follow us on Twitter or tweet about us to gain up to five entries in the giveaway.

Winners will be drawn next week and notified right away. You can read up our Terms and Conditions for more details.

Good luck!

a Rafflecopter giveaway

Spybot +AV 2.1 Released!

Not only does Spybot +AV version have an award winning antivirus engine but it has many new features and enhancements:-

Scan Results Virus Found

Click on image to enlarge

 

Virus scanning and removal (Home Edition and above): The inclusion of the anti-virus engine means that we can now offer live protection against viruses.

Selective removal. Choose only the malware you want to remove. You can view what is suspected to be malware on your system and decide if you want to keep it or remove it.

 

 

The anti-virus signature files are updated multiple times every day. This means real protection always.

 

Simplified view of update screen. Information is now displayed in a clear, understandable graphical format.

Enhanced GUI: We have simplified the view of many component parts to make it easier for our users to understand what is happening.

Multilingual support: We have now included French and Italian languages. The language can easily be changed from within the settings section in ‘Start Center’.

MRU (Most Recently Used) Scan: If you want to do a quick scan, you can tell Spybot to scan only the most recently used files.

Scan mode for usage tracks only: You can do a dedicated scan and remove only usage tracks.

Rootkit Scan: Rootkit scan has been improved.

Faster scan speeds: In the Home Edition and above the scan engine now supports ‘Multi-core’ processors.

Live Protection

Click on image to enlarge

 

 

 

Live Protection: Real time live protection can be turned on or off depending on users requirements.

 

 

 

 

PRE

Click on image to enlarge

Improved ‘Protected Repair Environment’: This exclusive feature is now easier to use as it has its own dedicated easy to use ‘Spybot Taskbar’. The PRE allows you to work in an independent environment that is free from malicious threats.

 

Updated Boot CD Creator: Integrated tool for creating a Boot CD to allow you to do a ‘clean boot’ of an infected system.

Extensive white list for system files: This is now shared among other Spybot components to further increase scanning speed. You are prompted to create white list in the Start Center on newly commissioned systems.

Order

If you do not require antivirus protection or already have antivirus protection installed click the button below to download the latest version of Spybot.

Download

(File size 35 MB, MD5 checksum: 5E20685E0AD4D5797719BF31B8B5F912)

Visit our new improved Forum

As part of our service to our users Safer-Networking has always provided a free, independent forum. This forum is maintained by volunteers and Safer-Networking staff.

Symbol picture Spybot forumWe have now updated this forum to make it even easier to use. If you suspect that your system is infected, but your antivirus or antispyware software does not appear to detect anything, you might find the forum useful and informative.

The forum is constantly being updated with the latest information on threats, and you can also post any issues you might have for the attention of our team of analysts.

If you have not already used this valuable service, you will have to register to be able to post. The registration process is quick and easy, and don’t worry, we are the ‘Good Guys’, we will not release any of your details.

Spybot +AV 2.1 Beta released, final version will soon be available!

The release of Spybot +AV 2.1 in early May will mark a big change in the Spybot product. We will soon be offering a product that not only provides detection and removal of adware and spyware but also antivirus protection.Spybot +AV 2.1 Beta 2 Start Center

This is a very important milestone for us as we will be offering a product that provides complete protection against all types of malware. As well as the addition of an antivirus engine we are now also offering more frequent updates for better protection.

This product has been a long time in development and the recent release of Spybot 2 was the first step towards the launch of this new product.

You can now test and try a Beta-Version of Spybot +AV 2.1. Head over to our Beta Versions page for detailed information about this pre-release.

Our loyal users that have used and trusted our free version need not worry, we are still committed to providing our fully functioning free anti-spyware product. We will continue to develop this product  and we are commited to continuing to make it available as a free download.

Customers who buy Spybot 2 from now on will be able to upgrade to Spybot 2 +AV free of charge when it is released.

Users who have already purchased any Spybot 2 product will be offered the option to upgrade to the new version when it is released.

Some of the improvements in this new version:-

  • Antivirus scan (Home Edition and above)
  • Enhanced GUI: a simple view has been added to many components and the number of dialogues has been reduced.
  • Improved rootkit scan, suspicious results can be scanned with our File Scan
  • Multi-core processor support in scan engine (Home Edition and above)
  • Live Protection
  • Internet Security: an integrated proxy server blocks access to suspect URLs (Windows 8 is currently not supported)
  • Improved ‘Protected Repair Environment’ – now has its own easy to use Spybot taskbar
  • Updated Boot CD Creator allows to create your own Boot CD with Spybot 1 and 2
  • Boot sector scanning
  • Extensive white list for system files, now used in more Spybot components
  • Spybot now prompts you to create a white list when installed on newly commissioned systems
  • French and Italian translations now included by default

Like to get the latest about Spybot +AV 2.1? Simply follow our news

Spybot 2 now available.

It is done!

We are proud to release version 2.0 of our anti malware tool Spybot – Search & Destroy.

In our discussions with our users we realised at an early stage that they wanted a more modern user interface. We believe we have managed to create a new front end in our Start Center that has a clean Spybot 2.0 Start Centerlook while proving easy access to many additional new features and tools.

The tools available are grouped in the ‘Start Center’ into three sections. Most of the ‘Basic Tools’ existing users will be familiar with but they have all been improved to increase speed and usability

The ‘Advanced Tools’ really start to let you get to the core of your system and are not for the faint hearted. ‘Settings’ gives you control of how Spybot 2 behaves and really allows you to tailor settings to get the maximum out of our software. Here you have control of everything from schedules to choosing how Spybot 2 interacts with other installed software. By tweaking the settings available scan speeds can be fine tuned. ‘Startup Tools’ give you access to various registry settings grouped logically. This is a tool for real experts and caution should be exercised when making changes. A ‘Secure Shredder’ is also provided which allows you to effectively delete files by making sure that all traces of data have been removed. This is very useful if you are worried about confidential documents falling into the wrong hands.

‘Advanced Tools’ also provide a ‘Rootkit Scan’ Spybot 2.0 RootkitScanwhich can provide a Quick Scan of you system or a ‘Deep Scan’ which is of course more time consuming. There are also facilities here to check for updates and repairing broken system entries.

Some new tools grouped in the third section ‘Professional Tools’ are only included in the paid versions. With the ‘Professional Tools’ we are really getting into the realm of experienced user that understands exactly how difficult malware can protect itself from less advanced software. Here you will find a tool that allows you to create the popular Spybot 2 liveCD. With the liveCD you can do a ‘clean boot’ of a system and still gain access to registry hives. This is something that cannot be achieved with bootable CDs based on other operating systems. The ‘Protected Repair Environment’ which allows you to scan and clean without the interference of malware. For iPhone users there is also a useful tool provided for scanning ‘apps’.

The ‘Scripting Tool’ and ‘OpenSBI Editor’ found here are not the type of thing that would be used in the everyday detection and removal of malware but are of use in situation where an Administrator wants to provide more protection to users.

As with the previous versions we are still providing a fully functioning version for free download!

Download

(File size 52.9 Mb, md5 checksum = 272A7ED33C052AA6F3F56802853CCC48)

If you require more protection you might be interested in our more advanced versions:

Tell me more

Third release candidate of Spybot 2 available

Start Center of Spybot-S&D 2.0

Start Center of Spybot-S&D 2.0

Spybot 2 is the next generation of our anti malware software and we are pleased to announce Release Candidate 3 is our last release candidate. We have fixed the last few bugs and further polished the user interface.

In Release Candidate 3 we now include our OpenSBI editor and a script editor for writing advanced malware removal scripts. These scripts are written using a Pascal dialect. With a Professional Edition license you can now also create a bootable CD using the included BootCDCreator.

Please test this release candidate so we can deliver a rock-solid final version of Spybot 2. You can help us by reporting bugs you may find or discuss this release candidate in our forum.

Release Candidate 3 includes a free Professional Edition Evaluation License (valid for one month). By the way: you can order Spybot-S&D 2.0 Professional right now. As an early adopter you get a license that is good for 18 months instead of the usual 12 months, which equals a 50 percent plus!

Would you like to test the Release Candidate? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent]

(File size: 52 MB, MD5 sum: EFFC05414B98BC1328346D229DF586AB)

Like to get the latest about Spybot-Search & Destroy 2.0? Simply follow our news

Second release candidate of Spybot – Search & Destroy 2.0 available

Start Center of Spybot-S&D 2.0 Release Candidate 2

Start Center of Spybot-S&D 2.0 Release Candidate 2

Spybot-S&D 2.0 will be our next generation software to find and destroy Spyware, Trojan horses and other Malware on your computers. After the release of our first release candidate we fixed a lot of bugs and polished the user interface. So in Release Candidate 2 there are no new features and big changes compared to the last pre-release. Instead this version represents our efforts to stabilize the software further to deliver a rock-solid final version of Spybot-S&D 2.0 later this year.

Nevertheless this pre-release is still intended for testing purposes only. If you do not want to help with testing and by reporting bugs, please just continue using our tried-and-tested stable release Spybot-S&D 1.6.2.

Release Candidate 2 includes a free Professional Edition Evaluation License (valid for 2 months).

Would you like to test the Release Candidate? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent]

(File size: 47 MB, MD5 sum: 5a716e0dac97c247d7259e81b03438f9)

Like to get the latest about Spybot-Search & Destroy 2.0? Simply follow our news

New Spybot Website

After many months of hard work by our staff and volunteers our new look multilingual website is now live. Over the next few months with the help of our volunteers we hope to add all the additional languages we had on our old website.

We hope that you will find the new site easier to navigate and the information you require easier to find. We will also, soon, have our forum updated, our team is currently working on this.

This work is all in preparation for the imminent launch of our new product ‘Spybot 2’ – a faster and more efficient version of our tried and tested world leading anti-malware product.

We will continue to provide our software, support and forums free of charge to all our private users but in order to continue we do rely on the occasional generosity of you, our user. If you value our service maybe you might feel like making a small donation?

We are almost there! First Spybot – Search & Destroy 2 Release Candidate available!

The new Protected Repair Environment

You may not notice any visual changes in Spybot Release Candidate 1 (RC1) if you compare it to the beta versions but there are a lot of improvements below the surface.

One thing you will notice is the new licensing scheme, but don’t worry we are still providing (and will continue to provide) a fully functioning free version of Spybot – Search & Destroy. All essential features such as scanning, fixing and passive protection features such as the immunization will still be available. Of course shredding files is an essential part of the free version as well. The new Startup Tools will help you to browse through autostart entries and assist you taking a deeper look in your system. Separate scans for Rootkits or single file scans are also part of Spybot – Search & Destroy 2.0 Free Edition.

The new licensing scheme is to make distribution to our professional users easier for us. Some features, like support for networked environments, boot CD creation and more – features that the average user may not require, will be available to licensed users.

While Spybot 2 has not reached final state, we will of course provide a license for testing free of charge, registration will not be required. As always, users of the free edition won’t have to register even in the future. A few highlights of the release candidate are:

  • Extended whitelisting identification for File Scanner and Startup Tools
  • New Protected Repair Environment allows to run all Spybot – Search & Destroy tools in a separate and secure desktop
  • Full Scan runs faster through files in your download directory
  • Separate File Scanner can now handle huge folders
  • Fixed problems with Cleaner on reboot
  • Added Russian localisation

Included is a free Professional Edition Evaluation License (valid for 2 months)

If you decide you like the additional features in the licensed version and want to make a minimum donation of $10, forward your receipt (PayPal or WorldPay) to sales@safer-networking.ie with the words ‘Spybot Version 2 Request‘ in the subject line and we’ll generate and send you a Personal license when version 2 is released!

Would you like to try the Release Candidate? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent]

(File size: 47 MB, MD5 sum: 54D69077BD0DFFF6880E97A4C0F59A4B)

Please visit our forum for general questions or comments about this release.

Like to know more about Spybot-Search & Destroy 2.0? Simply follow our news

The sixth beta release of Spybot-S&D 2.0 is ready!

The cleaned up Start Center of Spybot-S&D 2.0 Beta 6

The last beta release of Spybot-S&D 2.0 finally arrived!

In this Beta we have fixed a lot of trivial and minor issues. As a result we expect Beta 6 to be the predecessor of the first release candidate. We hope you like our fresh user interface cleanup.

We would like to thank our faithful users who reported dozens of bugs.

Beta 6 features:

  • Windows 8 Security Center support
  • A modern and cleaned up user interface
  • Updated help document and style
  • Master Boot Record scans using SDRootAlyzer
  • Installer now detects more recent versions of Spybot-S&D
  • Added Uninstall Wizard to maintain undo immunization or recovery
  • Fixed exceptions when scanning files on a network share

Remember it is a beta and as such not a replacement for the stable version 1.6.2.

Known issues:

  • Tests on Windows 8 are not completely finished
  • This version does not offer the Live Protection component
  • SDChrome has been removed; the web browser extensions will be rewritten using a more flexible concept.

Would you like to test the new beta version? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent] (File size: 42 MB, MD5 sum: A8B8FDD4381766C98FADC9A78906DE1F)

Please visit our forum for general questions or comments about this release. Use our bug reporting form if you want to report a bug.

Like to know more about Spybot-Search & Destroy 2.0? Simply follow our news

 

Welcome to our new website

Welcome to the new website of Safer-Networking Ltd., the home of Spybot-Search & Destroy. This new site has been many months in development. Our aim was to make it easier for our valued users to identify the product that best suits their requirements whether it is our fully functional free version or our commercial editions.

As always Team Spybot is still the driving force behind our products and we will continue to dedicate our efforts to fight for your right to privacy when using the Internet.

Any comments you have regarding our website would be greatly appreciated. Our contact details can be found on our ‘Contact’ page.

The fifth beta release of Spybot-S&D 2.0 is ready!

In this Beta, as always, we have reacted to our users requests. As a result Beta 5 has important subsurface improvements:

  • We have revised the Uninstaller.
  • Memory consumption during scans has been optimized.
  • The detection criteria were improved and now detect more malicious files.
  • Extended logging is now easier to understand.

We have also added support for big fonts and made navigation without a mouse easier.

Once again we would like to thank those users who submitted bug reports.

Beta 5 features:

  • Start Center: New views have been added and links have been revised.
  • Refreshed the GUI: The navigation bar has been shortened.
  • The dialogs have been edited.
  • Files and Folder Scan detects even more malware (by extending the heuristic scope).
  • Files on any network resource can now be scanned (viz. UNC support).
  • The Rootkit scanner has been updated.
  • Memory consumption has been reduced.
  • Event logging has been updated.
  • The installer now prompts to uninstall a previously installed version of Spybot-S&D 2.0.
  • The uninstall procedure has been optimized.
  • Issues with Windows Security Center and Action Center integration have been fixed.
  • The “Jump to registry” mechanism has been optimized. The content of any detected item in your registry can now be easily checked.
  • Grouping has been added to SDUpdate.
  • Support for blind users has been improved.
  • Support for big fonts has been added.
  • Increased interoperability with 3rd party scanners.

Remember it is a beta and as such not a replacement for the stable version 1.6.2.

Known issues:

  • Tests on Windows 8 are not finished yet.
  • Previous betas were dedicated to getting feedback for ‘Live Protection’; this version does not have ‘Live Protection’ in order to get feedback on the other components independent of the ‘Live Protection’.

Would you like to test the new beta version? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent] (File size: 44 MB, MD5 sum: 2F3C846D6C04979942A2884E2A21A3E5)

Please visit our forum for general questions or comments about this release. Use our bug reporting form if you want to report a bug.

Like to know more about Spybot-Search & Destroy 2.0? Simply follow our news

 

How to update

  1. Since version 1.5 Spybot-S&D is kept up to date by the Updater, a separate tool. To start it, please click on Update in the navigation bar. If you want to, you can also click on the button Search for Updates – then the window showing additional update types (2.) is skipped and you start immediately with the server list (3.).
  2. If you have clicked on Update a new window opens. There you can select two additional update types: beta and language updates. To go on, please click on Search.
  3. Select a download location (the nearer to you the better) and click on Continue.
  4. Select all available updates who are relevant for you (detection updates are already preselected). By clicking on Download you download them. Updates will be installed without any further action needed.

Protecting your privacy when using your computer

  1. Never send a Microsoft Word document by email. They all store information you may not want others to see. This could be information about your computer to parts of the document you believed you had already deleted long ago. Think about it how embarrasing it would be if you edited the document called “Love letter to Donna.doc” and saved it as “Love letter to Nina.doc” and Nina had a closer look at the file and suddenly realised that she received the same letter you’ve already sent to Donna.
  2. TANSTAAFL – There ain’t no such thing as a free lunch. If an email from an unknown person or a popup window offers you something for free, you can be sure there must be some snag. The “good guys” don’t use spam mails (unsolicitised email advertisement) or annoying ad popups. And there is no such thing as a free holiday trip coming from a popup that thousands of others see as well.
  3. Don’t answer spam, not even to use the “unsubscribe” some spam mails offer. By answering, the people behind it know that your email address is a valid one, and you’ll get even more spam in the future. The best solution I’ve found so far is to use a tool like MailWasher to send back spam mails as undeliverable.
  4. Don’t stick your passwords on PostIt notes around your screen, or under your keyboard. Don’t use the same passwords in multiple places. Don’t use your name or birthday or those of relatives as your password. Don’t give your password to anyone – not even your administrator needs to know it. I know you’ve heard and read this a lot of times before, but its important.
  5. Set your browser to block third-party cookies. Nearly every browser allows this, and it will keep out all the tracking cookies without any need of additional blocking (and you don’t need third party cookies for anything useful). And if you use Internet Explorer, make sure your security settings are at least set to Average.
  6. Even better, use an alternative to Internet Explorer and Outlook Express.
  7. To be continued…

The new kind of spam coming from the good guys

First, there was spam. Dozens of mails every day trying get you to order Viagra or watches at a fraction of the retail price. Then there were viruses, Worms that spread rapidly and arriving in their hundreds every day. Both were a real irritation, and both had to be dealt with.

What many good people did was to implement both spam and virus filters. In theory this was great but in practice things are never perfect.

But in fact, my inbox is now fuller than ever. You can guess why: half of the incoming mails are “Your mail has been rejected because it contains a virus” or “… because it has been classified as spam”. Why is this? Most of you know the tricks of the current mail worms: they spoof the senders address. Anti-virus programs identify these addresses as being ‘spoofed’ but instead of deleting the mail, the antivirus gateway will send a return mail stating a “Your mail has been deleted because of a virus” back to the alledged sender.

Now these “blocked because of…” mails are nearly as irritating as spam! People who are protecting themselves against spam are causing others to suffer!

Therefore I call to everyone using spam- and virus-filters: ask your administrator them to stop sending replies to these spam mails! Call your network admin, call Symantec and McAfee and Panda, call the company managing your virus-protected mail system.

And I ask all companies and anyone developing gateways that filter and bounce spam and infected emails; do the obvious! If you know a virus uses spoofed sender addresses, make sure your gateway does NOT send a reply to the alledged sender!

About phishing

Phishing is an attempt to surreptitiously acquire classified information (for example usernames, passwords or credit card details) by concealing malicious code in an electronic communication.

For more information regarding phishing please refer to this Wikipedia article: http://en.wikipedia.org/wiki/Phishing

The four columns of security for a safe online experience

Anti-Malware

Obviously, you’ll find us positive about our own software for this purpose, Spybot – Search & Destroy, which should protect you well.

A very important advice when downloading any anti-malware application is to check the source of the file and the validity of the application twice. Do not use sponsored links on search engines for example – cheaters often try to sell inferior software “trials” labeled with the name of well known other products. Others are rogues that have only superficial functionality and might even install malware themselves to show they would detect something others are missing. A list of known fake or rogue applications can be found at Spyware Warrior.
Also, make sure the manufacturer of the solution you intend to install is a member of the ASC and does adhere to its standard (not all do, see below).

Anti-Virus

The classical area of protection that anyone knows about, initially centered on detecting files only, so we would still not recommend on depending on the malware protection from your AV (nor from that of your anti-malware – you’ll need both).

Standard precautions to avoid the classical viruses haven’t changed in a long time: do not open files you receive on disk or by email unless you scanned them with your antivirus application first. Do not open files a stranger sent you at all, nor files that seem to be coming from known persons, but are not accompanied with a personal letter (your friends machine might be infected and sending them out automatically). Verifying downloads by comparing their hash to one displayed on the website of the manufacturer is highly recommended (you can for example use our FileAlyzer product for that purpose).

Products we cannot recommend are:

  • Kaspersky Internet Security 2008/2009
  • McAfee InternetSecurity 2008/2009/2010
  • Trendmicro Internet Security 2008/2009/2010

Industry standards define software that impairs user control over material changes that affect their system security as potentially unwanted technologies, and these products force you to uninstall unconflicting competing software, thus lowering your computers level of security compared to other software. And should you really trust a company that’s putting marketing way over your security?

Firewall

At the moment, we cannot really recommend any firewall product. On the one hand, we’ve (at some point over a long time, not continuously) experienced problems with all of them we tested and would not feel comfortable e.g. recommending a firewall that kills the system. On the other hand, we do not really believe in those one-thing-for-all solutions, where firewalls include anti-virus and anti-spyware applications that are often not as well maintained as dedicated solutions and may conflict with other installed security software.

After much thought, we’ve decided that we simply could not find any third party software firewall we can currently recommend with a safe conscience. The Windows Firewall could be regarded as sufficient for sensible Internet users. We’ll update this part with better information when we come across it.

Spam Filters

If you’ve got an up to date version of your email application installed, it’ll already come with a sufficient spam filter. If you enable it and it doesn’t lead to good results immediately, you might have to “train” it for a few weeks by manually flagging spam emails. And the best protection against spam still is to deal sensitive with your personal data. Check twice or thrice where you leave your email address.

May the fourth be with you! Spybot Search & Destroy 2.0 Beta 4 is here!

Spybot2The fourth beta release of Spybot-S&D 2.0 is now ready! We would especially like to thank all users who have submitted bug reports and suggestions for Spybot-S&D 2.0 in recent weeks. Your efforts greatly helped to eliminate lots of bugs. Please keep up the good work and test our fourth public beta as well!

Beta 4 has much improved Live Protection and many bug fixes in different areas. We have also focused our efforts on testing Sypbot-S&D 2.0 for compatibility with third-party products in this release cycle.

Some highlights of this release are:

  • Live Protection is now enabled by default
  • Performance improvements for Live Protection
  • Live Protection scans can be cancelled
  • Improved compatibility with third-party products
  • Explorer Context Menu Extension for files and folders

Would you like to test the new beta version? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent] (File size: 46 MB, MD5 sum: def2c22520c079094854204809255c57)

Please visit our forum for general questions or comments about this release. Use our bug reporting form if you want to report a bug.

Like to know more about Spybot-Search & Destroy 2.0? Simply follow our news

Third beta version of Spybot – Search & Destroy 2.0 released!

Third Beta VersionThe third beta release of Spybot-S&D 2.0 is now ready! After one more month of public beta testing many of the bugs that were reported have been fixed. We have also included your suggestions into this release.

Beta 3 sees many speed enhancements, greater stability and improved Live Protection.

Some highlights of this release are:

  • Improved Live Protection allowing you to block and remove detected malware.
  • Global system file whitelisting for Windows XP and Windows 7.
  • The personal whitelisting component has been updated.
  • Improved scanning speed.
  • Updated browser detection and immunization.
  • Updated settings for background services.
  • Added URL whitelisting and cookie protection to Google Chrome extension.
  • Enhanced error reporting.
  • Fixes for known memory leaks and update issues.

Would you like to test the new beta version? Download it here: [Mirror 1] [Mirror 2] [Mirror 3] [Torrent] (File size: 45 MB, MD5 sum: 5530be1c9e99ef8eb140198aefe422bb)

Comment or ask a question? Please visit our support forum. If you found a bug please report it in detail with our bug reporting form.

Like to know more about Spybot – Search & Destroy 2.0? Simply follow our news

Second beta version of Spybot – Search & Destroy 2.0 released!

Second Beta VersionThe second beta release of Spybot-S&D 2.0 is now ready! After one month of public beta testing we fixed many bugs that you reported and incorporated your suggestions into this release.

The user interface has been improved and Beta 2 includes new features that were not ready when Beta 1 was released.

Some highlights of this release are:

  • Reduced download size compared to Spybot-S&D 2.0 Beta 1.
  • Faster installation procedure with a new option to preconfigure Spybot-S&D for a care free setup.
  • Experimental plugin for Google Chrome.
  • Experimental on-access scanner.
  • Optional heuristic scans.
  • Spybot-S&D’s modules can now be directly opened from its tray icon.
  • Fixed known uninstallation issues and tons of other bug fixes.

Would you like to test the new beta version? Download it here: [Mirror 1] [Mirror 2] [Torrent] (File size: 40 MB, MD5 sum: 0bb0786e73bdd1f236cb9b3a0df677c5)

Comment or ask a question? Please visit our support forum. If you found a bug please report it in detail with our bug reporting form.

Like to know more about Spybot – Search & Destroy 2.0? Simply follow our news