Saturday, February 9, 2008

Remove Powered by Zedo popups

Zedo (Powered by Zedo) is annoying adware that pops up in the middle of the screen without warning, usually when the user tries to search Google or another search engine. It then takes your search term and puts it in a popup ad showing eBay or a few other sites. Popup blockers can't remove Zedo. We recommend using Spyware Doctor with its free scan to remove Zedo cookies and files from your computer.

Zedo produces popups from these URLs:
  • xads.zedo.com
  • upspiral.com
  • searchlocal.ws
  • aavalue.com
  • url.cpvfeed.com
Zedo manual removal:
Find and remove these Zedo cookies:
  • zedo
  • c1.zedo
  • c2.zedo
  • c5.zedo
  • zedo.com
Remove Zedo files:
  • core.sys
Remove Zedo registry values:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CORE

Friday, February 8, 2008

How to remove Edfqvrw Toolbar - Edfqvrw Toolbar Remover

Edfqvrw Toolbar is the latest BHO (Browser Helper Object) that hijacks your browser and generates fake spyware detection reports. Edfqvrw Toolbar may slow your computer and cause Windows errors. The Edfqvrw Toolbar usually gets installed onto your PC without your permission, through Trojans, malware and viruses. We recommend using Spyware Doctor anti-spyware to remove this threat from your computer.


Edfqvrw Toolbar manual removal instructions:
Unregister Ekxdvft Toolbar DLL Files:

Remove Ekxdvft Toolbar Registry Values:

VirusHeat 3.9 Removal Tool

VirusHeat 3.9 is another rogue anti-spyware program created to goad you into purchasing its full version. VirusHeat may be pushed onto your system by a Trojan that issues fake notifications about your computer's security. Once installed, VirusHeat may also display additional popup messages from www.virusheat.com that disrupt your Internet browsing. VirusHeat may flag legitimate files as malicious and then prompt you to buy its full version. Download Spyware Doctor antispyware with its free scan to remove VirusHeat.


VirusHeat manual removal:
Remove VirusHeat files:

Remove VirusHeat registry entries:

Wednesday, February 6, 2008

Remove Ekxdvft Toolbar

Ekxdvft Toolbar is a new browser toolbar and hijacker. It generates false spyware detection reports to trick you into downloading fake antispyware programs. Spyware Doctor antispyware with its free scan will remove Ekxdvft Toolbar (and nearly 100,000 other spyware programs) in seconds.

Manual removal (only for skilled users):
Unregister Ekxdvft Toolbar DLLs:
Remove Ekxdvft Toolbar registry entries:

Tuesday, February 5, 2008

IECodec - new fake malware installer. IECodec removal tool and instructions

IECodec (BHO.IECodec) is a new fake codec that will try to install rogue anti-spyware programs, such as AntiVirusPro. It generates false positives and security warnings to trick users into downloading (and then buying) fake remedies. We recommend removing IECodec using Spyware Doctor antispyware with its free scan.

BHO.IE Codec screenshots:

Fake spyware detection report
Fake spyware detection warning / wallpaper hijack
Fake codec error
Internet Explorer hijacked by IECodec
Screenshots from http://siri-urz.blogspot.com/

IECodec manual removal guide:
Remove IECodec files:
  • vscodecsetup.exe
  • iecodec.dll
  • uninst.exe
  • %program_files%\iecodec\iecodec.dll
  • %program_files%\iecodec\uninst.exe

Remove IECodec registry entries:


Monday, February 4, 2008

Adware.Badaz Removal Tool - How to remove Adware.Badaz

Adware.Badaz is a misleading program that can install malware on your computer. You can find it on malicious websites (such as sites with fake video codecs, P2P networks, sites with cracks and keygens, and adult resources). Adware.Badaz can bombard your desktop with annoying popups. We recommend removing this dangerous program using Spyware Doctor antispyware with its free scan; it will easily detect and kill Adware.Badaz and thousands of other adware, trojans, hijackers and other malware.

Manual removal of Adware.Badaz files:
Local Settings\Temporary Internet Files\Content.IE5\8AUPRN7H\adbaaz_com[1].html
adbaaz[1].html
badaz[1].html

SmitFraud Removal Tool - SmitFraud Removal Instructions

Smitfraud (Smitfraud.g) is a common name for a dangerous trojan that distributes rogue anti-spyware programs. SmitFraud generates false positives to trick users into downloading useless programs (such as VirusProtect, TrustedAntiVirus, XPAntiVirus etc). Spyware Doctor with its free scan can remove SmitFraud and thousands of other parasites.

SmitFraud attacks show fake antispyware programs popups on your screen and/or a balloon popup from the windows system tray displaying a warning message that your computer is infected with spyware and telling you to purchase, download & install their program to remove it. The creator of each popup is an affiliate of the particular antispyware program they are promoting, so each time an unsuspecting user purchases the advertised program in hopes of removing the trojan the person behind the attack gets paid.
pchell.com
Smitfraud variants:
Smitfraud-c
Smitfraud-g
Smitfraud-C.Coreservice
Smitfraud-a
Smitfraud
W32.Smitfraud
Trojan.Smitfraud


Smitfraud manual removal:
Remove SmitFraud files:

Remove SmitFraud registry entries:
Search the Windows registry for the {D5BC2651-6A61-4542-BF7D-84D42228772C} entry.