Jump to content


Photo

Something is wrong


  • Please log in to reply
8 replies to this topic

#1 simon1

simon1

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 29 January 2007 - 09:40 PM

Hello Lavasoft Support Forum - hope all goes well with you.

Don't know where to start but I do know that I have a problem. So starting from the beginning, I had opened a media player file received from a friend and that's where I think my problem had started. I had received a virus/hijack or even been hacked which had basically taken over my system. I had been using my local cable provider here in Canada (Shaw) and was using their virus protection of Shaw Secure which is part of the F Secure AV protection. If I remember correctly, I had received 3 backdoor virus'. I deleted the shaw secure, downloaded zone alarm and Adaware. Through many scans from from Trend Micro, Panda, , smitfield fraud (clean), Symantec, Avg, Avast, Trojan Finder (?), Spybot S&D, Adaware and also installed Spyware blaster, downloaded registry cure, cleaner, Sting and anything else that I could find, I was able to (hopefully) put everything back to its proper order. BUT I feel that there is still something wrong and I cannot put my finger on it.

On occasion when I tried to use IE6, I could not get access whereby I was advised that the server could not be found and my home page could not be shown (shaw page). By clicking on the address bar and typing in google I knew that my cable connection worked. So I did download spybot SD which had a home page protector. Since then, I've not had trouble accessing IE but on occassion do have trouble accessing Outlook Express - and have to click on the send/receive button a few times before all works well. The OE is part of the "something is still wrong".

I see in my registery in the HK_ User that I have entried for Default, S-1-5-I8, 19 & Classes, 20 & classes and HKEY_USERS\S-1-5-21-3601647582-471559409-1189122813-1005 & its classes. I am unsure what these entries are for as they appear to all have alot of the same info included in them. When I run Adaware (usually every second day) I see in the MRU that the -360164 etc is always showing up and it is indicated as spyware but am uncertain what to do with this HK-User. It also shows many Media player instances even though I rarely use the program. In searching the web, the S-1-5- users could be affilited with something from Microsoft yet some sites indicate a virus so still Another "something is still wrong".

I had sent a hijack log to Tom Coyete and he/they replied that they were overwhelmed with logs and requested I send my log to Geeks to Go. Did this over a week ago but to date I've had quite a few people look at my log/help request but no one has answered back.
In looking on the web, I noted that Lava Soft had a support forum and am now hoping that you will be able to help me "put my finger" on the problem. I will be attaching a more recent HIjack this as well as the possibility of new Malware record for Lavasoft. As noted, I run ZoneAlarm with all the current updated, Adaware - all current updates

Do I have a problem still or am I becoming totally paranoid since the initial problem. I would truly appreciate your help in setting my mind at ease and hopefully get me out of the "help" forums. Thank you for your support.

Attached Files



#2 HJThis

HJThis

    Advanced Member

  • Volunteer Security Advisor
  • PipPipPip
  • 4076 posts

Posted 30 January 2007 - 04:56 AM

Hello,simon1 & Welcome


Please post the logfiles here just copy and paste it i don't work
with Attachments hard on the eye's.

Gogo ;)
Die Hijacker Die

Member of
ALLIANCE OF SECURITY ANALYSIS PROFESSIONALS

Since 2004

Warning My killer dog at work.

QUOTE

#3 simon1

simon1

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 January 2007 - 08:11 AM

Thank you for your prompt reply - please see both the HIJACK log which I just ran after updating adaware and doing a scan. As previously mentioned, I again had to delete information on the HK_user S-1-5-36 etc. file (media related). System was clean of spyware. At the end I am including the lava soft report. Again THANK YOU!


Logfile of HijackThis v1.99.1
Scan saved at 1:03:00 AM, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:12080
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1161759617781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/...tz.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53852.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Lava Soft Report - just thinking that this could possibly be part of the spybot S&D information:

[0 Possible New Malware 0]
content=Any object detected here should be treated as a potential new malware. Objects of type "File" which are detected as "Possible New Malware" should be submitted to Lavasoft for analysis. This can be done at http://www.lavasoftr....com/submit.php
tacindex=3
[123Search]
content=Browser toolbar that may have malicious charasteristics.
tacindex=2
[180Solutions]
content=Installs and operates in stealth. Opens pop up windows. Also named 180SearchAssistant
tacindex=4
[2020Search]
content=Malware, Hijacker
tacindex=4
[2-seek Toolbar]
content=Browser Toolbar with no EULA and incomplete uninstaller
tacindex=3
[404search]
content=Tracks Browser Use
tacindex=5
[7adpower]
content=7AdPower is an ActiveX component that can be used to download and install dialer programs that call premium rate numbers
tacindex=6
[7FaSSt]
content=Installed by ActiveX. Installs a user ID. Tracks browser use. Records the names of folders, images and other objects on the system.
tacindex=7
[7search-BrowserAccelerator]
content=Installed by ActiveX. Installs a user ID. Travxcks browser use. Records the names of folders, images and other objects on the system.
tacindex=7
[AB System Spy]
content=AB System Spy is a commercial keylogger and monitoring tool. It has the ability to monitor your connections, desktop, clipboard and take screenshots. AB System Spy is produced by Aby Software - http://www.abysoftware.com
tacindex=10
[ABetterInternet.Aurora]
content=Transponder (VX2)-stuff
tacindex=10
[ABetterInternet.Nail]
content=ABetterInternet.Nail, previously known as VX2, is a component of Direct Revenue's Aurora. Nail can integrate tightly with the operating system and may require a removal tool to be run to completely eliminate it. Lavasoft provides the VX2 Cleaner for this purpose, which can be found at http://www.lavasoft.com/download
tacindex=5
[Abox]
content=Abox (A.K.A Adult Box Dialer) is a porn related malware, which can place icons, links and pop-up windows on your desktop. It is installed unsolicited by various trojan downloaders and droppers. When installed, Abox will retrieve porn related content from the Internet by dialing unauthorized connections or connecting to servers using an existing connection
tacindex=6
[AccuLoader Dialer]
content=Generic Dialer (mostly adult content)
tacindex=5
[Aconti-Dialer]
content=Generic Dialer (mostly adult content)
tacindex=5
[ACsoftware.Narod]
content=n/a
tacindex=7
[ActivShopper]
content=Displays advertising with the user's consent. No privacy policy is available, but does not raise any further privacy issues. Uninstaller not fully functional.
tacindex=1
[ActualNames]
content=Installs a user ID. Tracks browser use
tacindex=7
[AdBar]
content=Displays unsolicited advertisements.
tacindex=5
[AdBlaster]
content=Trackware, Ad client.
tacindex=7
[AdBreak]
content=Installs a BHO. Causes pop up ads. Tracks click thrus.
tacindex=7
[AdDestroyer]
content=Connects in stealth to the Internet after reboot without users permission. Causes pop up ads. No uninstaller.
tacindex=5
[AdGoblin]
content=Trackware, causes Popups.Installs unsolicited
tacindex=6
[Adintelligence.AproposToolbar]
content=Installs unsolicited, tracks browser usage, several variants do not include uninstaller, connects to adintelligence servers to perform automated updates without user consent.may cause system instabilities. The latest strains of Apropos are known to use rootkits.
tacindex=10
[Adlogix]
content=Downloads advertisements from a host server and displays them as pop-ups on the client machine
tacindex=3
[AdPartner]
content=Causes pop up ads. Installation is undisclosed. No uninstaller
tacindex=6
[AdPlus-SurferBar]
content=Browser Hijacker. Opens pop up ads.
tacindex=6
[Ad-Popper]
content=Ad client that causes Windows Messenger pop ups.
tacindex=6
[Adpower]
content=Unsolicited popups, browser hijack
tacindex=7
[AdRoar]
content=No EULA. No uninstaller. Opens pop up ads. Installs other items.
tacindex=6
[AdRotator]
content=No uninstaller. No EULA. Installs other items. Opens pop up ads.
tacindex=6
[AdShooter]
content=Trackware, Ad-client
tacindex=6
[Adsincontext]
content=Trackware, Ad-client.
tacindex=6
[AdsPlus]
content=Installs unsolicited, connects to a remote system without user consent, generates popups
tacindex=4
[Adtomi]
content=No uninstaller. Masks operation.
tacindex=5
[Adult Material]
content=Porn Dialer
tacindex=6
[Adultlinks Quickbar]
content=Adds an IE explorer bar and links to porn sites.
tacindex=6
[AdultXut]
content=Opens pornographic websites. No uninstaller.
tacindex=4
[adv.fxns.net]
content=No uninstaller. Installs other items. Operates in stealth.
tacindex=8
[Adware.180Solutions.SeekmoSearchAssistant]
content=Adware.180Solutions.SeekmoSearchAssistant is a new search assistant from 180solutions, it is a search-based advertising application designed to show targeted advertisements related to products or services you are searching for online.
tacindex=4
[Adware.2Search]
content=Adware.2Search is monitors visited URL sites in Internet Explorer
tacindex=3
[Adware.Adhelper]
content=Adware.Adhelper is a advertisement program. Adware.Adhelper updates itself from the Internet. It may be installed by trojans otherwise it must be installed manually.
tacindex=4
[Adware.AdMedia]
content=Adware.AdMedia is a advertisments program that might be installed by trojans. Adware.AdMedia displays pop-up / pop-under
tacindex=10
[Adware.Admess]
content=Popups ads.
tacindex=5
[Adware.AdNow]
content=Adware.AdNow installs itself to the system directory, and then contacts urls silently to download other applications, such as baidu, coolwebsite,desktop media, huaci, etc.
tacindex=10
[Adware.Adstation]
content=Displays pop-up Advertisements. Connects to remote site.
tacindex=3
[Adware.AdwarefilterToolbar]
content=Adware.AdwarefilterToolbar may be installed by a trojan downloader/dropper and provides no uninstaller. It advertises the AdwareFilter client, which is a rogue Anti spyware.
tacindex=5
[Adware.Advertismen]
content=Adware.Advertismen displays advertisements in a pop up window or directly inside the browser window; it periodically communicates with a server operated by advertisemen.com and/or third party servers.
tacindex=3
[Adware.Agent]
content=Adware.Agent is a family of uncategorized generic adware application. The generic adware may cause pop-ups and/or other types of advertisment to appear on the computer where installed.
tacindex=5
[Adware.Alibaba]
content=Adware.Alibaba operates in stealth and silently inserts url's into Internet Explorers history file. These urls link to pages with further links, passing a referrel ID. Aware.Alibaba appears to be chinese in origin and may be downloaded by trojans.
tacindex=6
[Adware.Allsum]
content=Adware.Allsum may expose the user on a infected computer for pop-ups and advertisment. Search queries may be logged.
tacindex=3
[Adware.Astro]
content=It is a Chinese application which displays roll-up advertisements based on users' surfing content.
tacindex=3
[Adware.AXFibula]
content=Adware.AXFibula is a adware dropper.
tacindex=10
[Adware.Baidu]
content=Adware.Baidu is a asian toolbar that force installs a BHO. It doesnt have a uninstaller and it is very hard to remove. May advertise random products.
tacindex=10
[Adware.BeSys]
content=AdWare.BeSys periodically downloads advertisement lists from a Chinese website and displays these as pop-ups on your desktop. These advertisements are Chinese.
tacindex=3
[Adware.BHO(generic)]
content=This family is a generic detection for various Internet Explorer Browser Helper Objects. BHOs are .dlls that IE loads while starting up, and they can perform various tasks, like displaying pop-up advertisements.
tacindex=3
[Adware.BocaiToolbar]
content=It is a Chinese program, installs a toolbar on the Internet Explorer, and may redirect Interent Explorer searches and display pop-ups.
tacindex=3
[Adware.CasClient]
content=Adware.CasClient operates in stealth and causes pop-ups to spawn on the host computer. May also record queries entered into Internet Explorer
tacindex=5
[Adware.CashBack]
content=Adware.CashBack installs its own client along with thrid-party software (that has been known to include NaviSearch and BargainBuddy). Causes frequent pop-ups to appear.
tacindex=9
[Adware.CashDeluxe]
content=It is a trojan, falsely alerting the user that the computer is infected with virus or spyware, and then advises the user to download affiliated rogue anti-spyware programs. It may also download and install other malicious.
tacindex=6
[Adware.CasinoClient]
content=Logs keywords in Web-based search engines. Displays advertisements at random intervals.
tacindex=5
[Adware.Crystalys]
content=Adware.Crystalys installs as a browser helper object (toolbar). It modifies browser settings and is reported to transmit data and download new applications. The presented EULA is very vague and after installing, the application is no longer visible.
tacindex=5
[Adware.CtxPopup]
content=Adware.CtxPopup is a Browser Helper Object, and displays pop-up advertisements.
tacindex=3
[Adware.Cygo]
content=It is a Browser Hijacker; redirects the browser home page to "www.cygo.net" and the default search to "search.cygo.net"; adds a button in the Internet Explorer toolbar
tacindex=5
[Adware.DAE]
content=Deliver ads, opens unsolicited pop-ups. aka Response Target
tacindex=7
[Adware.DesktopMedia]
content=Adware.DesktopMedia displays advertisements while the user browses the web with Internet Explorer; while executing this application, it contacts dmcast.com; it is often bundled with Adware.DuDu, and they are developed by the same company.
tacindex=4
[Adware.DigitalNames]
content=It is a adware application which may generate advertisements while browsing web sites. It hijacks the search keywords in order to display related advertisements. There is no EULA/privacy policy displayed during installation.
tacindex=6
[Adware.Director]
content=Published by maxifiles.com, no more information at present.
tacindex=3
[Adware.DiyBar]
content=DiyBar is a Chinese program; It installs as a Browser Helper Object and a toolbar on Internet Explorer which is capable of displaying advertisements; there is no EULA
tacindex=4
[Adware.DollarRevenue]
content=Adware.DollarRevenue is a downloader that installs multiple adware / malwares to the system silently and without user consent.This family may be installed by browser exploits through illegal porn / crack sites.
tacindex=10
[Adware.Dropper]
content=The Adware.Dropper family contains files which are known to drop advertising content, but are not categorised as Trojans. This could be custom built Wise Installers, or installers for a software which also drop ad content onto the system
tacindex=10
[Adware.DuDu]
content=Adware.DuDu is a Chinese application that shows advertising while browsing with Internet Explorer. It is part of a bundled install and installs without user consent. There is also an English version of this application
tacindex=4
[Adware.EBoard]
content=Displays advertisement, tracks surfing habits, drains system resources
tacindex=3
[Adware.Emusic]
content=Adds a link in the Internet browser that will connect the user to its main Web site when clicked. Adware may unknowingly be installed with no EULA. Uninstaller will nott uninstall all the files. Files left in the %windir%.
tacindex=3
[Adware.EnergyPlugin]
content=Adware.EnergyPlugin gives installing users access to certain free web resources at the cost of receiving advertisements. This software is known to be installed by trojan downloaders, without user knowledge or consent
tacindex=4
[Adware.EShopee]
content=error hijacker, and may deliver contextual advertisements to the uer's desktop
tacindex=3
[Adware.EyeWeb]
content=It is a Browser Hijacker, changes browser home page to "www.winz.co.kr", and opens pop-up advertisements. It is Korean origin
tacindex=3
[Adware.Eztracks]
content=It installs itself as a Browser Helper Object, and adds an Internet Explorer toolbar named as "IEToolbar". There is no EULA or privacy policy.
tacindex=3
[Adware.Ezurl]
content=Adware.Ezurl installs a system hook that maps keyboard strokes. May cause pop-ups to spawn, and may also send personal information to remote sites.
tacindex=3
[Adware.FCHelp]
content=Adware.FCHelp displays advertisements, and attempts to connect to "www.fullcontext.net". Adware.FCHelp and modifies registrysettings and have running backgrounds processes.
tacindex=3
[Adware.FindSpy]
content=It provides false alert in the system tray, which looks the same as typical windows security alert. It directes the user to "msnagent.com" once the user clicks the security balloon.
tacindex=3
[Adware.FOne]
content=Displays targeted advertisements and monitors users browsing habits. Drops additional advertising applications/components
tacindex=5
[Adware.FreeAccessBar]
content=Adware.FreeAccessBar monitors web surfing activity, transmitting google searchwords to their servers, and popping up targeted advertising.
tacindex=4
[Adware.Freeprod Toolbar]
content=An Internet Explorer toolbar, may relate to MaxSearch
tacindex=3
[Adware.GAIN.Dashbar]
content=Adware.DashToolBar A.K.A SearchScoutToolbar is known to install GAIN software and change browser security settings. This can open the system up to further installation of unwanted adware / malware.
tacindex=7
[Adware.GAIN.WebSecureAlert]
content=it is by GAIN Publishing, it will display pop up advertisements on your computer screen based on your online Web surfing behavior.
tacindex=3
[Adware.Henbang]
content=Adware.Henbang is a chinese adware application, named "Henbang Desktop Portal" (HDP). It installs as a Browser Helper Object and displays pop up advertisments on the computer
tacindex=4
[Adware.HotSearchBar]
content=Displays advertisement without the user's consent. Injects links into favorites and registry. Changes browsing results.
tacindex=3
[Adware.HuaCiSou]
content=Adware.HuaCiSou is a Chinese adware application. It displays search links related to highlighted text in web pages, emails, and also may display pop up advertisements.
tacindex=4
[Adware.Iebar]
content=It is a Browser Helper Object, adds a browser toolbar, and may display advertisements. It might trick the user to installed the program via an ActiveX installer on a web page.
tacindex=3
[Adware.IEHlpr]
content=It is a Browser Helper Object, displays advertisements mostly on Chines.
tacindex=3
[Adware.Infocrawler]
content=It adds a toolbar on Internet Explorer, tracks browser uses, and may display advertisements
tacindex=3
[Adware.Instafinder]
content=Instafinder is a search-page hijacker that redirects searches for non-existent sites to its own. It is usually installed via 3rd party software, and in some cases reported to be undisclosed prior to installation
tacindex=3
[Adware.Interkey]
content=It is a toolbar, currently there is no more description of it.
tacindex=3
[Adware.iPend]
content=changes keywords in Webpages so that links to another Web site, may cause Internet Explorer crashes
tacindex=6
[Adware.KeenValue]
content=Adware.KeenValue distributes the data about your browsing habits for analyses. Based on your browsing habits Adware.KeenValue will prompt advertising popups.
tacindex=3
[Adware.Koolbar]
content=Adware.Koolbar installs and operates in stealth on the host system. It may cause pop-ups to appear and other advertisment to appear. No EULA provided.
tacindex=7
[Adware.Latendis]
content=It displays advertisements and may run its processes in background on the compromizsd computer.
tacindex=3
[Adware.LetsCool]
content=Adware.LetsCool changes the wallpaper and installs a hidden BHO. The uninstaller provided does not remove the hidden BHO. It may cause pop-ups or other kinds of advertisment.
tacindex=10
[Adware.LinkMaker]
content=Captures keywords and search terms entered into Internet Explorer, to provide targeted news and advertisements on a "whats related" style toolbar
tacindex=3
[Adware.LinkOptimizer]
content=Adware.LinkOptimizer operates in stealth and does not provide a functional uninstaller. It may cause advertisment to pop-up, and it also may redirect search queries.
tacindex=4
[Adware.Look2Me]
content=Adware.Look2Me operates in stealth, monitoring web surfing activity, transmitting the information to remote servers and displaying pop-up targeted advertisements in your web browser. There are no license terms or EULA for this software. Adware.Look2Me is known to be installed by variants of CoolWebSearch and/or variants of the VX2 family.
tacindex=7
[Adware.LoopAd]
content=Adware.LoopAd may cause pop-up or other advertisment to spawn on the computer where installed.
tacindex=3
[Adware.MasterBar]
content=It installs a toolbar on Internet Explorer, and changes browser settings hijack your searches and route all traffic through a proxy of their choice.
tacindex=3
[Adware.Maxifiles]
content=Adware.Maxifiles usually takes the form of a toolbar, being installed through Active-X but also reported to be spread through AOL and AIM, being force installed by worms. It may change browser settings and install other software to the system
tacindex=5
[Adware.Mediapipe]
content=Adware.Mediapipe (the billing portion) is a billing reminder service that shows pop-up reminders for the user to fulfill their billing obligations. This service is used by Movieland.com and is currently under review.
tacindex=4
[Adware.Metastop Toolbar]
content=It adds a Toolbar on Internet Explorer, and it is a search hijacker, redirecting to savehits.com
tacindex=4
[Adware.Mirar]
content=Adware.Mirar gathers information from search terms and visited websites and displays advertisements based on the gathered information.
tacindex=3
[Adware.MMSAssist]
content=It is a Chinese adware application, and it installs as a Browser Helper Object. It displays advertisements while using Internet Explorer.
tacindex=3
[Adware.Mshtmpre]
content=Browser Helper Object, pop-up windows
tacindex=2
[Adware.MyToolbar]
content=Adware.MyToolbar preforms automatic updates and installs on all user accounts. May cause pop-ups or other forms of advertisment to spawn on the computer where installed
tacindex=3
[Adware.NaviPromo]
content=unknown one, may cause pop-ups
tacindex=3
[Adware.NewWeb]
content=It is Chinese origin, it downloads and displays advertisements. It can be downloaded and installed from a web page there they trick the user to install the program through a ActiveX installer.
tacindex=4
[Adware.P2PNetworking]
content=Adware.P2PNetworking it is a content distribution system based on peer-to-peer principles, and it is often bundled with software, such as Kazaa. It changes browser settings, and may display ad content
tacindex=3
[Adware.Pacimedia]
content=adware aka pacer
tacindex=3
[Adware.PLook]
content=Adware.PLook operates in stealth, redirecting your Google search strings and displaying pop-up advertisements.
tacindex=5
[Adware.PluginDL]
content=Adware.PluginDL displays advertisment based on keywords in the websites the user visits.
tacindex=3
[Adware.Podcast]
content=Adware.Podcast installs itself using downloaders that in stealth downloads and installs Podcast. It then, pretty frequently, causes pop-ups and other advertisment to spawn.
tacindex=3
[Adware.Pop]
content=This detects a component of PopCap Loader from Popcap Games. It is a Web plug-in that provides Web update features.
tacindex=3
[Adware.PremiumSearch]
content=It changes browser settings, injects many links into favorites. No euala is presented and it might be installed by trojans.
tacindex=10
[Adware.QuickLinks]
content=redirects your searches to affiliate sites and may monitor your seacrh items
tacindex=3
[Adware.RaxSearch]
content=It installs itself as a Browser Helper Object, monitors search keywords and sends them to "www.raxsearch.com/gettotal"
tacindex=5
[Adware]
content=Trackware, Ad client.
tacindex=6
[Adware.Roogoo]
content=It is an adware application, they call it as online behavioral marketing media. It tracks users's surfing habits, and displays targeted advertisements.
tacindex=3
[Adware.SafetyBar]
content=Adware.SafetyBar may be installed from a trojan downloader. It advertises other scam products and tries to get the user to buy these.
tacindex=3
[Adware.Searchcolours]
content=Adware.Searchcolours doesnt have a working uninstaller or any EULA. May cause pop-ups to spawn where installed.
tacindex=4
[Adware.Searchforit]
content=Adds a BHO toolbar Cas Class (ca.DLL) and connects to searchforit.com and searchexpert.com
tacindex=3
[Adware.SearchingAll]
content=Adware.SearchingAll claims to provide a desktop search tool that integrates with Google, but in reality it redirects your searches through searchingall.com
tacindex=4
[Adware.SideBySideSearch]
content=Directs web searches to sidebysidesearch.com and opens pop-up advertisements
tacindex=4
[Adware.Sidesearch]
content=Adware.Sidesearch operates in stealth, silently transmitting search terms entered into one search engine, and routing them to another, then popping up a window and showing manipulated search results. Adware.Sidesearch seems to be related to Softomate Toolbar
tacindex=6
[Adware.SinaBar]
content=It installs as a Browser Helper Object, and it is a Chinese origin.
tacindex=3
[Adware.SnuffBar]
content=It adds a Toolbar on the Internet Explorer, and it is Korean origin
tacindex=3
[Adware.Sooe]
content=Adware.Sooe uses a vb script to download additional files from a remote source, then it installs these files and makes them operate in stealth. May cause pop-ups to appear.
tacindex=10
[Adware.Soso]
content=Adware.Soso may cause pop-ups or other advertisment to spawn.
tacindex=3
[Adware.STIEBar]
content=Adware.STIEBar installs as a BHO (Browser Helper Object), adding its own search button and toolbar
tacindex=3
[Adware.Suggestor]
content=Adware.Suggestor is a browser helper object that are forced installed by trojans downloader or trojan droppers. It migh display popup for the user based on search strings.
tacindex=10
[Adware.SystemProcess]
content=Adware.SystemProcess displays pop-up advertisements. It modifies security and firewall settings to allow access to the sites providing the pop-ups. Distribution through undisclosed installs and bundling with free software.
tacindex=10
[Adware.Toolband]
content=a browser helper object, adds a tool bar on windows explorer and Internet Explorer
tacindex=3
[Adware.ToolbarDeepDive]
content=Unsolicited popups, browser hijack, changes browsing results
tacindex=8
[Adware.TotalVelocity]
content=Adware.TotalVelocity is an adware component that displays pop-up and pop-under advertisements when you surf the Internet. It tracks your surfing habits and can automatically update
tacindex=3
[Adware.TrafficSol]
content=Adware.TrafficSol installs a dll file into the system32 folder. The malicous dll file hijacks the iexplorer browser. When the user is doing standard searches in the browser it will be exposed with pop ups and force installs of rogue anitispyware programs.
tacindex=6
[Adware.TSBot]
content=Adware.TSBot connects to a server to download advertisements and displays these on your desktop. These could take the form of pop-ups or full screen advertisements.
tacindex=3
[Adware.UniversalTB]
content=Adware.UniversalTB is an Internet Explorer toolbar which hijacks your browser settings, setting your home page to http://simplenter.com
tacindex=3
[Adware.VB]
content=there is no more description at present.
tacindex=3
[Adware.Webext]
content=Adware.Webext is a Browser Helper Object which tracks keywords entered into Internet Explorer and displays targeted advertisements based on this information. It may also slow down browser performance. When loading Internet Explorer, communication is made with trafficsector.com
tacindex=6
[Adware.WebRebates]
content=WebRebates tracks users' internet activities, and displays rebate messages.
tacindex=3
[Adware.Websearch]
content=Browser hijacker. Tracks browser use. Adds a search toolbar to Internet Explorer and icons to the system tray. Ad-Aware may detect this security risk as IBIS Toolbar before.
tacindex=9
[Adware.WeirdOnTheWeb]
content=Tracks user browsing habits and may display pop-ups advertisments. The software can be installed manually or as part of another software install.
tacindex=3
[Adware.WeirWeb]
content=Adware.WeirWeb installs and operates in stealth. May expose the user of a infected system to adware and pop-ups. No uninstaller is providied.
tacindex=5
[Adware.Winadiscount]
content=Adware.Winadiscount installs as an Internet Explorer toolbar. When active, it tracks your internet searches, transmitting the typed keywords to its servers. This information is used to generate pop-under advertisements, every time a search term is entered. Adware.Winadiscount shows no EULA or Privacy Policy before, or after installation
tacindex=5
[Adware.WorldSearch]
content=A Browser Helper Object, while browsing Internet, some connections are made with "search-world.net", changes desktop's setting
tacindex=3
[Adware.WSearch]
content=It is a similar program as Adware.DesktopMedia, and it is bundled with Adware.HuaCiSou
tacindex=3
[Adware.Yazzle]
content=Adware.Yazzle tricks the user into install a game that is bundled with Adware software. Adware.Yazzle can also be installed without user consent while accessing websites that use browser exploits to force install by trojan downloaders. The software is not removed by the supplied uninstaller
tacindex=7
[Adware.ZenoSearch]
content=Adware.ZenoSearch displays pop-up advertisements based on searches users perform on popular web search engines, such as google.com, yahoo.com, search.msn.com, search.lycos.com, search.aol.com, etc
tacindex=4
[Adware.Z-Quest]
content=displays advertisements
tacindex=4
[AdwarePunisher]
content=AdwarePunisher is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer, and then asks the user to purchase a registered version to remove those reported threats.
tacindex=4
[AdwareSheriff]
content=AdwareSheriff uses false positives detections to trick the user into buying the commercial version. AdwareSheriff can be stealth installed by Trojan Downloaders. No Privacy policy is disclosed to the user prior to installation. SpywareSheriff is its clone version.
tacindex=5
[AdwareSoft]
content=It monitors browser activity, and changes the start page and url prefixes for Microsoft Internet Explorer
tacindex=3
[AdvertBar]
content=Pay to surf program. Status; discontinued.
tacindex=5
[Aflooder]
content=Installs in stealth. Opens a system vulnerability.
tacindex=6
[AlertSpy]
content=AlertSpy is a rogue anti-spyware that uses false positives to trick user to upgrade to enable the remove function.
tacindex=3
[Alexa]
content=Installed with Internet Explorer and some Microsoft updates. Alexa is the "What's Related links" feature on your Internet Explorer toolbar. Alexa technology uses a 'web crawler' (bot) only when the toolbar is in use.
tacindex=5
[AlfaCleaner]
content=AlfaCleaner claims to be a genuine antii-spyware scanner. It installs through trojan downloaders that display fraudulent messages such as "Your computer is infected" messages in the style of microsoft tray balloons. Alfacleaner may create system instability after being run leading to an inability to login to windows.
tacindex=10
[All-In-One Telecom]
content=Generic Dialer
tacindex=5
[Alset]
content=No EULA. Opens pop up ads.
tacindex=7
[AltnetBDE]
content=Installs unsolicited. Connects to a remote system without the user's awareness to transmit/receive information
tacindex=4
[Annotate Technologies]
content=Incomplete uninstaller. Tracks Browser Use.
tacindex=3
[Anonymouse]
content=Anonymouse displays advertisements to the user when surfing the web. It alters the browsing results so that all traffic is being fetched through a CGI script on the page. None of the above is disclosed to the user.
tacindex=3
[AntispywareSoldier]
content=User can download this rogue anti-spyware program at http://www.antispywaresoldier.com. But it often comes bundled together with malicous downloaders on other homepages. Antispyware Soldier's spyware detection is false, and may show false positives just to swindle the user into thinking it's a trustworthy program. The uninstaller is non-functioning.
tacindex=3
[AntiVermins]
content=AntiVermins is an rogue antispyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. If the user restarts the computer, AntiVermins automatically scans the user's harddrive and the software is running on all user accounts.
tacindex=3
[AntiVirusPro]
content=AntiVirusPro purports to be a genuine anti-virus/anti-spyware program, but gives exaggerated reports of threats; It may be installed by using fraudulent messages on the system caused by trojans
tacindex=4
[Ardamax Keylogger]
content=Ardamax Keylogger is a commercial keylogger that monitoring your keystrokes.
tacindex=10
[AsianRaw Dialer]
content=Porn Dialer
tacindex=5
[AsinLover]
content=No uninstaller. Installs in stealth. Auto updates.
tacindex=8
[a-softnet]
content=Installs and operates in stealth. Opens pop up windows.
tacindex=6
[Atelys]
content=No uninstaller. Operates in stealth.
tacindex=6
[Atztecmarketing.syscpy]
content=No uninstaller, Trojan Horse, opens a system vulnerability, operates in stealth
tacindex=8
[Aureate]
content=Trackware, Ad client. Also known as Radiate.
tacindex=5
[AutoSearchBHO]
content=IE Browser Helper Object that hijacks address-bar searches to www.tunders.com.
tacindex=5
[Avatar Resources]
content=No uninstaller. No EULA. Installs other items.
tacindex=6
[Backdoor.Coldfusion]
content=Backdoor.Coldfusion is a trojan that will get unauthorized access to a compromised system.
tacindex=10
[Backdoor.HackDefender]
content=Backdoor.HackDefender is a trojan that hides processes, services and files from being listed for users.
tacindex=10
[Backdoor.Nightmare]
content=Backdoor.Nightmare is a trojan that will give unauthorized access to a compromised system.
tacindex=10
[Backdoor.Prorat.16]
content=a backdoor which allows unauthorised access or control of the computer from a remote location
tacindex=8
[BargainBuddy]
content=Bargain Buddy is an advertising, monitoring, and browser hijacking software. It will track pages you visit, and search terms you enter, transmitting this information to a remote server. It will also redirect mis-spelled or non-existing urls (Internet addresses) to a page of its choice
tacindex=8
[BBS DarkCollection]
content=No uninstaller. Operates in stealth.
tacindex=6
[BDSearch Plugin]
content=Installs a Browser Helper Object, tracks search queries.
tacindex=3
[begin2search]
content=Internet Explorer Hijacker.Browser Helper Object.Tracks search queries entered into the toolbar, shows popups.
tacindex=3
[Berth Star]
content=Installs in stealth. Opens pop up ads.
tacindex=7
[BestPhrases]
content=No EULA. Browser Hijacker.
tacindex=7
[BeWeb SRL]
content=Porn Dialer
tacindex=5
[BFK Keylogger]
content=BFK Keylogger (Best Free keylogger) is a free keylogger that might be used for illegal use on your system.
tacindex=10
[Biester Dialer]
content=Generic Dialer
tacindex=5
[Big-Tgp Dialer]
content=Generic Dialer
tacindex=5
[BirdSpy]
content=BirdSpy is Taiwanese origin. It is a backdoor, trojan, and remote control tool.
tacindex=10
[Bizonio]
content=No uninstaller. Browser Hijacker
tacindex=4
[BlazeFind]
content=Browser Hijacker. May cause system instability.
tacindex=5
[BlazingTools Perfect Keylogger]
content=BlazingTools Perfect Keylogger is a commercial keylogger.
tacindex=6
[Bloiscom Dialer]
content=Generic Dialer
tacindex=5
[BlueFudelta]
content=No uninstaller. Installs and operates in stealth. Auto updates.
tacindex=8
[Bokja NetInfo]
content=n/a
tacindex=4
[BonziBuddy]
content=Trackware.Collects personal information. Tracks users browser history.
tacindex=7
[BookedSpace]
content=No uninstaller. May cause browser instability. Undisclosed installation. Installs other items. Opens unsolicited websites. Tracks Browser Use.
tacindex=10
[BoonPie]
content=No uninstaller. No EULA. Operates in stealth.
tacindex=8
[BPK.Keylogger]
content=Operates in stealth. Monitors user's keystrokes.
tacindex=5
[BPS SpywareRemover]
content=BPS SpywareRemover is a rogue anti-spyware, false positives works to trick the user to purchase. List know anti-spyware as spyware.
tacindex=3
[Brasirc IRC Vulnerability]
content=n/a
tacindex=7
[BraveSentry]
content=BraveSentry is a rogue anti spyware program; it displays fake warnings on user's computer in order to attrack the user to purchase its full commercial version; it may related to Spysheriff/SpywareNo.
tacindex=3
[BrilliantDigital]
content=Capable of installing components and selling your hard drive space, CPU cycles, and bandwidth. (warning: if you go there with BDE installed it will try to install more components and updates automatically).
tacindex=6
[BroadCastPC]
content=Tracks web usage. Targeting is based on web usage patterns. Delivers ads (tv and HTML) at specific times even if the user is offline. Downloads and deletes content from users PC's. Uses 'viral' marketing. Allso known as BroadCap.
tacindex=7
[BrowserAid]
content=Variations may install a toolbar. Some versions cause popups.Trackware, some distributions hijack IE.
tacindex=6
[BrowserPal]
content=Also known as BrowserAid.
tacindex=6
[BucksToolbar.BHO]
content=Have active-x window pop up when the surfer clicks on a link, video, image, etc. or have it set up to automatically pop up when the surfer visits or leaves your page.
tacindex=7
[Buddy Browser]
content=Auto updates. Hidden or nonpresent EULA.
tacindex=7
[BuddyLinks]
content=Hidden Install. Opens unsolicited websites.
tacindex=5
[BuddyMediaBHO]
content=Browser Helper Object.Installs unsolicited.Connects to a remote host without user consent.May download and install additional components.
tacindex=8
[BuddyPictures]
content=No uninstaller. Installs and operates in stealth.
tacindex=8
[BullaBHO]
content=BHO. Claims to pay users for clicking banners. Places its own ads over the ads on websites you are viewing. Browser Hijacker. Tracks users.
tacindex=10
[BunuDene Dialer]
content=Generic Dialer
tacindex=5
[CarpeDiem]
content=Porn Dialer
tacindex=5
[CashSurfers]
content=Opens unsolicited websites. Changes search settings.
tacindex=5
[CasinoPalazzo]
content=Porn Dialer
tacindex=5
[Central-24 Dialer]
content=Porn dialer.
tacindex=5
[Cermeli]
content=No uninstaller. Operates in stealth.
tacindex=6
[CharityBuy]
content=Opens pop up ads. Installed by other items in detection.
tacindex=5
[Chat-und-flirt Dialer]
content=Generic Dialer
tacindex=5
[CL55-Biz]
content=Operates in stealth. No uninstaller.
tacindex=4
[ClearSearch]
content=ClearSearch is an adware and a browser hijacker. It will connect to its own websites to track user surfing activity and open pop-up ads based on this. It may be installed manually be bundled with another software
tacindex=7
[CleverIEHooker.BHO]
content=BHO Popping ads
tacindex=5
[Clickbank.Affiliate]
content=Malware.Installs unsolicited.Creates fake security warnings (popups) for "noadware" at random intervalls.No uninstaller provided
tacindex=7
[ClickSpring]
content=Opens pop up ads. No uninstaller.
tacindex=6
[ClientMan]
content=Advertising parasite. Adds (overwrites current links) yellowish links to web pages, opens popups, and redirects search engine results.
tacindex=7
[ClipGenie]
content=Creates user profiles and installation is undisclosed.
tacindex=4
[CmdServices]
content=CmdServices runs as a Windows service and displays pop-up advertisements
tacindex=4
[CnsMin]
content=In detection due to being installed by drive by download. Replaces Internet Explorers search features with Chinese sites.
tacindex=8
[CometSystems]
content=Bundle products undisclosed. Auto updates. Tracks user's surfing habits.
tacindex=8
[Commander Toolbar]
content=n/a
tacindex=5
[CommonName]
content=Browser search hijacker. Causes ads. Recent variant installs a Winsock LSP.
tacindex=7
[Concept Intl. Dialer]
content=Generic Dialer.
tacindex=5
[ConfuSearch]
content=n/a
tacindex=5
[Connector Dialer]
content=Generic Dialer.
tacindex=5
[Consul-info B.V Dialer]
content=Generic Dialer.
tacindex=5
[ContextuAd]
content=Delivers ads
tacindex=3
[CoolSavings]
content=Ad delivery software, collects personal and non-personal information used for targeted advertising
tacindex=5
[CoolWebSearch]
content=Malware, IE + SystemHijacker.Infects system by exploiting InternetExplorer Vulnerabilities.
tacindex=10
[Coulomb Dialer]
content=Porn Dialer.
tacindex=5
[CrackedEarth]
content=adds a search toolbar to Internet Explorer windows, fetched from the server bar.pornochicks.com
tacindex=3
[CrackSpider]
content=No uninstaller. Browser Hijacker. Opens pop up ads.
tacindex=4
[Cram.ToolBar]
content=This is a BHO that displays popups and popunders and alters your startpage to http://www.######-portal.com this BHO is assosiated with http://www.cracks.am
tacindex=7
[CrazyWinnings]
content=Installs unsolicited, may compromise IE trusted zone.
tacindex=8
[Crontel Ltd]
content=Dialer
tacindex=5
[CustomToolbar]
content=Tracks browser use and changes browsing results. Hidden install.
tacindex=7
[CyboorAd]
content=Installs unsolicited, runs in stealth, connects to a remote system without user consent
tacindex=5
[Cydoor]
content=Trackware, Ad delivery software, tracks users to perform targeted Advertizing
tacindex=7
[Cytron]
content=Worm, (pot.dll). Opens pop up ads.
tacindex=5
[D1Asia]
content=n/a
tacindex=5
[DailyToolbar]
content=IEToolbar.Installs unsolicited, creates Popups
tacindex=5
[DailyWinnerBHO]
content=Browser Helper Object, installs unsolicited through malware-droppers, several variants don't provide an uninstaller
tacindex=7
[damnhwer Project]
content=n/a
tacindex=5
[DataLine Dialer]
content=Porn Dialer
tacindex=4
[Date Regon]
content=Dialer
tacindex=5
[DateMaker]
content=Porn Dialer.
tacindex=5
[DBestRelief]
content=No EULA and opens pop up ads.
tacindex=5
[DealHelper]
content=DealHelper displays popups, popunder ads when the primary user interface is not visible. Auto updates and tracks browser use.
tacindex=7
[Default Search]
content=Browser Hijacker with no uninstaller.
tacindex=4
[DeluxeCommunications]
content=DeluxeCommunication is former known as SurfSideKick. It will install itself as a Browser Helper Object. DeluxeCommunications tracks surfing habits and may also cause system instabilities.
tacindex=10
[Densmail]
content=No EULA and operates in stealth.
tacindex=7
[Dial Net]
content=Generic Dialer.
tacindex=5
[Dial XS]
content=Porn Dialer
tacindex=5
[Dial33]
content=No uninstaller. Installs and operates in stealth.
tacindex=6
[Dialer Platform]
content=Generic Dialer.
tacindex=5
[Dialer.euro]
content=porn dialer
tacindex=5
[Dialer.IEDisco]
content=Internet Dialer. Installs Browser helper object.
tacindex=5
[Dialer.Mostrar]
content=Dials to pay phone numbers without users knowing about it.
tacindex=10
[Dialer.my-content]
content=a premium rate adult dialer, modify the Internet Explorer start page
tacindex=5
[Dialer.PrivateAccess]
content=Dialer, Advertisment to AmsterdamXXX.net
tacindex=5
[Dialer]
content=Generic dialer, installed unsolicited.
tacindex=5
[Dialer.Scom]
content=Premium rate dialer
tacindex=5
[Dialer.UDconnect]
content=Generic Dialer
tacindex=5
[Dialer.uyelik.net]
content=Premium rate porn dialer
tacindex=5
[Dialer.XCallSwitch]
content=Premium rate porn dialer installed by various trojandownloaders.
tacindex=7
[DialerData Dialer]
content=Generic Dialer.
tacindex=5
[Dialer-Offline]
content=Porn dialer
tacindex=5
[Dialerplatform]
content=Premium Rate Dialer that installs unsolicited
tacindex=7
[DialPass]
content=Generic Dialer.
tacindex=5
[DialXLite]
content=Premium rate porn dialer
tacindex=6
[Diaremover]
content=Diaremover is a rogue spyware that attempts scam the user into buy the product. Diaremover installs false positives that it the finds and claims to be very critical hits. Uses downloaders and droppers to install itself in stealth on a compromised system. The uninstaller only works partially, and may even reinstall the software later on.
tacindex=10
[Dividix]
content=Operates in stealth and opens pop up websites/ads.
tacindex=5
[Dluca]
content=Generic Dialer.
tacindex=5
[Dogpile Toolbar]
content=Browser Hijacker.
tacindex=3
[dotWorlds Client]
content=Tracks browser use, creates tracking cookies. Does not say what is done with collected information in EULA.
tacindex=3
[DownloadPlus]
content=Popupgenerator, Hijacker
tacindex=5
[DownloadWare]
content=Distributed through Foxxweb. Downloads and installs unsolicited software (Malware, Hijacker, Trackware), displays ads.
tacindex=8
[DriveCleaner]
content=DriveCleaner is a rogue anti-errorware that trick the user into buying the commercial version. DriveCleaner's distribution methods are stealthy and/or misleading.
tacindex=3
[DSSAgent]
content=Connects to www.brodcast.net and stage.broder.com, bundled with children software.
tacindex=8
[dw.com.com]
content=No uninstaller. Operates in stealth and opens pop up ads.
tacindex=4
[DyFuCA]
content=Also known as InternetOptimizer. Error page hijacker, malware. Installs unsolicited (Bundled with third party applications) runs stealth.
tacindex=3
[Dynamic Desktop Media]
content=Displays unsolicited advertisments.
tacindex=5
[eAcceleration]
content=Webcelerator Trackware.
tacindex=7
[EasySearch]
content=Browser hijacker
tacindex=3
[Easysoft.ru IRC Vulnerability]
content=Stealth install. IRC vulnerability.
tacindex=6
[Ebates MoneyMaker]
content=Ad client. Also known as Moe Money Maker.
tacindex=4
[E-Book.TexasHoldem]
content=Displays advertising content with the user's consent. No privacy policy is available, but does not raise any further privacy related issues.
tacindex=1
[Edge Tech]
content=Operates in stealth. Opens pop up ads. May cause system instability.
tacindex=6
[Edipole]
content=No uninstaller. Transmits information without user knowledge/permission.
tacindex=5
[EGroup Dialer]
content=Generic Dialer.
tacindex=5
[EliteKeylogger]
content=Keylogger.Logs all keystrokes.Installs unsolicited.Connects to a remote system to transmit information.
tacindex=8
[Elitum.ElitebarBHO]
content=Browser Helper Object.Installs unsolicited, tracks usage.
tacindex=5
[ePlugin]
content=Generic Dialer.
tacindex=5
[EPSystems DialerMaker]
content=Generic Dialer
tacindex=5
[ErosWoman]
content=Generic Dialer (mostly adult content)
tacindex=7
[EroticDialer]
content=Porn Dialer.
tacindex=5
[ErrorGuard]
content=Program masks as doing one thing, but does another by using false positives detections to trick the user into buying the commercial version. Privacy policy not disclosed to the user prior to installation. Does not provide a functional uninstaller
tacindex=7
[ErrorSafe]
content=Errorsafe, similar in nature to Winfixer and Winantispyware, claims to be a genuine error fixing program. It is similar in appearance and function to Winfixer and furthermore, comes from the same IP address; this software has been reported to be force installed and/or use aggressive and misleading advertising to persuade the user into installing it.
tacindex=10
[eSyndicate BHO]
content=Installs Unsolicited.Common IEHijacker
tacindex=6
[Etsur.Keylogger]
content=Hidden install. Keylogger. Operates in stealth.
tacindex=7
[eUniverse]
content=Bundled undisclosed install. Browser Hijacker. Auto updates. Tracks browser use. May cause system instability.
tacindex=10
[E-ventures NV]
content=Porn Dialer.
tacindex=5
[EverAd]
content=Ad Trojan.
tacindex=6
[EverClear]
content=Application is distributed through deceptive means to trick the user into installing, masked as MS Messanger. Changes browsing results.
tacindex=10
[ExactSearchBar]
content=IE toolbar. Tracks browsing history. Causes pop-ups.
tacindex=5
[EXDialer]
content=Generic Dialer.
tacindex=5
[Extreme-dm]
content=No uninstaller. Installs other items with knowledge/permission.
tacindex=6
[EzSearchbar]
content=An Internet Explorer toolbar. Causes pop up ads.
tacindex=6
[EzuLa]
content=Thiefware. Inserts its own yellow links on the website you are visiting.
tacindex=6

one down and probably 2 more to follow

#4 simon1

simon1

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 January 2007 - 08:16 AM

Lava soft continued:

[FactoryNetwork Dialer]
content=Porn Dialer
tacindex=5
[Fairtale Dialer]
content=Porn dialer
tacindex=5
[FakeAlert]
content=FakeAlert displays pop-ups (some kind of fake system security warning), and these pop-ups may redirect to antispywarebox.com which plugs rogue remover, such as SpywareSheriff, AdwareSheriff,TitanShield. Some variants try to download (from hotwinupdates.com) several functional EXE and DLL files to perform its functions.
tacindex=5
[FastFind]
content=Browser Hijacker.
tacindex=5
[FastSeeker]
content=Browser Hijacker.
tacindex=3
[Favoriteman]
content=IE Browser Helper Object. Connects to its controlling servers, which may direct it to download and install other programs, add entries to the IE Favorites or Desktop.
tacindex=8
[FindSex]
content=Porn Dialer.
tacindex=5
[FindWhateverNow]
content=IE Toolbar, Installs unsolicited, Tracks Surfing Habits, may download and install third party components without user consent.
tacindex=7
[FirstCash Websearch]
content=Trackware, tracks browsing to generate targeted advertizing.
tacindex=3
[FizzleBar]
content=Internet-Explorer Toolbar. Generates popups.Some variants do not feature an uninstaller
tacindex=5
[FlashenhancerBHO]
content=Browser Helper Object, distributed through unsolicited installations.Connects to a remote system without user consent, monitors users surfing habits.Retrieves and displays banner ads.
tacindex=7
[FlashTrack]
content=BHO. Tracks web pages viewed and terms entered into search engines. Also known as FlashPoint.
tacindex=7
[Flyswat]
content=Tracks user web browsing. Ad client. Newer versions overlay website links with thier own affiliates links.
tacindex=7
[FreeAccess]
content=Porn Dialer
tacindex=5
[FreeConnectLtd]
content=Premium Rate Dialer
tacindex=3
[FreeScratchCards]
content=Browser Hijacker.
tacindex=3
[FreeSex Dialer]
content=Porn Dialer.
tacindex=5
[FreeSlide]
content=No uninstaller. Installs other items with knowledge/permission.
tacindex=4
[free-windows-games]
content=Bundled install that is undisclosed. Transmits information without user permission/knowledge.
tacindex=4
[Friend Toolbar]
content=No uninstaller. Operates in stealth and opens pop up ads.
tacindex=6
[GAIN]
content=Opens pop up ads. Tracks browser use.
tacindex=7
[GetMirar]
content=No uninstaller. Hidden install. Browser Hijacker. Opens pop up ads.
tacindex=8
[GigaFinder]
content=Browser Hijacker that operates in stealth.
tacindex=5
[Gigatech Superbar]
content=Adds links to the results of other search engines that are from the site greasycow.com. Causes pop ups.
tacindex=5
[GigexAgent-SpeedDelivery]
content=EULA is not accessible/existant
tacindex=5
[Global Netcom Inc]
content=ActiveX installer for premium-rate phone dialers.
tacindex=5
[GlobalCS Dialer]
content=Generic Dialer.
tacindex=5
[GlobalDialer]
content=Generic Dialer.
tacindex=5
[Gloggle.Shing]
content=No uninstaller. Installs in stealth. Browser Hijacker. Operates in stealth.
tacindex=8
[GMSoft Dialer]
content=Generic Dialer.
tacindex=5
[GoClick]
content=Search engine Hijacker
tacindex=3
[GoGoTools]
content=GoGoTools is a browser helper object that monitors internet usage, shows advertisements and may install other components.
tacindex=4
[GoHip]
content=Browser and search hijacker. Adds affiliates bookmarks to the browser.
tacindex=5
[GoIndirect]
content=Dialer
tacindex=5
[Golden Eye]
content=Operates in stealth. Transmits usage statistics/personally identifiable information without user permission/knowledge
tacindex=5
[Golden Palace Casino]
content=Installs to all user accounts. Privacy policy does not adequately disclose what is done with collected information.
tacindex=5
[Gov.dirdy30]
content=No uninstaller. Hidden install. IRC Vulnerability.
tacindex=6
[Gratisware]
content=Advertising BHO. Causes pop up ads. Tracks ad views.
tacindex=8
[Grupox]
content=Generic Dialer.
tacindex=5
[GXB Dialer]
content=Generic Dialer
tacindex=5
[H@tKeysH@@k]
content=Keylogger, runs stealth, prevents removal
tacindex=5
[Heysen Dialer]
content=Generic Dialer.
tacindex=5
[Hide Windows]
content=a simple utility which can hide and reveal application windows
tacindex=3
[HighTrafficAdsBHO]
content=Installs a BHO. Search engine hijack. Adds a search result sidebar with its own links when a search is performed. Also known as SubSearch or Qual Net.
tacindex=5
[Hijacker.easywww]
content=common Internet-Explorer Hijacker. Runs stealth, installs unsolicited
tacindex=7
[Hijacker.IEHost]
content=IEHijacker.Installs unsolicited, replaces default search engine, does not provide uninstaller
tacindex=7
[Hijacker.Qyule]
content=Hijacker.Qyule is a chinese hijacker that changes many aspects of the browser settings, and pops up multiple advertising windows. Hijacker.Qyule will automatically updates and it may have bundled software.
tacindex=3
[Hijacker.TopConverting]
content=IE Browser Hijacker
tacindex=5
[Hi-Wire]
content=Trackware, Ad client, Targeted Advertizing.
tacindex=4
[Holystic-Dialer]
content=Porn Dialer
tacindex=5
[HOT Dialer]
content=Porn Dialer.
tacindex=5
[Hot-erotik dialer]
content=Porn Dialer.
tacindex=5
[Hotlink BHO]
content=Browser Helper object, SearchEx variant
tacindex=6
[HotVideo Dialer]
content=Porn Dialer
tacindex=5
[Httper]
content=Browser Hijacker. Opens pop up ads.
tacindex=3
[HttpFilter]
content=n/a
tacindex=5
[HungryHands BHO]
content=Browser Hijacker.
tacindex=3
[Hyena]
content=No uninstaller. Transmit information without user permission/knowledge.
tacindex=3
[IBIS Toolbar]
content=Browser Hijacker. Tracks Browser Use. Creates Tracking Cookies.
tacindex=5
[IBS-Dialer]
content=Porn dialer
tacindex=5
[iDonate.BHO]
content=Browser redirecter
tacindex=3
[IDR Popup]
content=n/a
tacindex=4
[IEHijacker.Find4u]
content=Common Internet Explorer Hijacker
tacindex=8
[IEHijacker.Gigasearch]
content=Internet Explorer Hijacker.Installs unsolicited. Adds an Internet Explorer Toolbar, may download and install additional components.Adds numerous urls to IE Favorites.
tacindex=8
[IEHijacker.HereToFind]
content=Common Internet Explorer Hijacker
tacindex=8
[IEHijacker.Hotoffers]
content=Common InternetExplorer Hijacker
tacindex=7
[IEHijacker.richfind]
content=Browser Hijacker, Installs unsolicited, Hijacks Internet Explorer Start and Search pages, Installs an IE Toolbar, Tracks search queries, Provides no uninstaller
tacindex=7
[IEHIjacker.SearchExe]
content=Common IEHijacker
tacindex=6
[IEHijacker.ZestyFind]
content=Installs unsolicited
tacindex=6
[IEHook]
content=No uninstaller. Transmits information without user permission/knowledge.
tacindex=3
[IELoader]
content=Installs other items without notice. Transmits information without user permission/knowledge.
tacindex=7
[IEmsg Hijacker]
content=Hijacks start page and default search engine, re-integrates itself upon reboot.
tacindex=4
[IETop100]
content=Malware, Browser Hijacker
tacindex=5
[IGetNet]
content=Installs a BHO. Browser and Hosts file hijacker.
tacindex=8
[I-LookUp]
content=IE toolbar. Adds a search sidebar, bookmarks to the Favorites menu (mostly affiliate links), browser hijacker.
tacindex=8
[ImIServer IEPlugin]
content=Installs a BHO. Monitors site URL's, information entered into forms, local filenames browsed, and causes pops ups.
tacindex=5
[IMSDialer]
content=Generic Dialer.
tacindex=5
[Infotel srl]
content=No uninstaller. Opens pop up ads.
tacindex=4
[Instafinder]
content=Search hijacker, no EULA, silent installer
tacindex=4
[InstantAlbert]
content=InstantAlbert sets itself as the default search engine in Microsoft Internet Explorer, and may display advertisements
tacindex=3
[InternetDelivery]
content=Trackware, Also known as Inet-Traffic.
tacindex=5
[IntexusDial]
content=Generic Dialer.
tacindex=5
[Invictus MediaUpdate]
content=Install a BHO, monitors pages you view, and opens or redirects to advertising.
tacindex=6
[IPInsight]
content=Tracks users browsing history. Collects personal data. Estimates age and geographical location.
tacindex=7
[IPSysDrv32.BHO]
content=Porn related Browser Helper Object. Can open windows to adult related sites, and change browsing results
tacindex=5
[IROffer]
content=Opens a system vulnerability.
tacindex=5
[Irww]
content=No uninstaller. May cause system instability.
tacindex=3
[iSearch Toolbar]
content=iSearch Toolbar is a browser hijacker that can be dropped by trojan downloaders from crack / porn related sites.
tacindex=4
[istbar.dotcomToolbar]
content=Browser Hijacker. Tracks Browser Use.
tacindex=5
[istbar]
content=Malware.Common IE Hijacker
tacindex=7
[JAJsoft.CSRS]
content=Bundled install that is undisclosed. Opens pop up ads.
tacindex=5
[Jeired]
content=No uninstaller. Operates in stealth. May cause system instability.
tacindex=6
[Jethouse.Bot]
content=No uninstaller. Hidden install. IRC Vulnerability.
tacindex=6
[JRaun]
content=No uninstaller. Hidden install. Installs other items without notice.
tacindex=6
[Jumpincowz IRC Vulnerability]
content=No uninstaller. Operates in stealth. IRC Vulnerability.
tacindex=8
[KeySpy]
content=Keylogger, monitors keystrokes
tacindex=7
[Kitten Free ###### Dialer]
content=Porn Dialer.
tacindex=5
[L3mer.pl IRC Vulnerability]
content=No uninstaller. Hidden install. IRC Vulnerability.
tacindex=6
[Litmus]
content=Opens a system vulnerability. Connects to perform or aids in a DDoS attack.
tacindex=5
[Locators.com Toolbar]
content=No EULA. Browser Hijacker. Tracks Browser Use.
tacindex=7
[Lop]
content=Browser Hijacker. No uninstaller. May cause system instability. Auto updates. Operates in stealth.
tacindex=7
[Loverspy Demo]
content=Hidden install. Operates in stealth. Tracks Browser Use.
tacindex=7
[Lycos Sidesearch]
content=Bundled install that is undisclosed. Use of Tracking Cookies. Tracks Browser Use.
tacindex=7
[lyredu.ath]
content=No uninstaller. Operates in stealth. Transmits information without user permission/knowledge.
tacindex=6
[LZIO]
content=Installs unsolicited, tracks surfing habits, transmits a wide range of personal identifyable information (such as software installed, hardware configuration).
tacindex=8
[MagicControl]
content=Bundled install that is undisclosed. Operates in stealth. Auto updates.
tacindex=7
[MainPean Dialer]
content=Premium rate dialer.
tacindex=5
[Malware.Azesearch]
content=A search toolbar, force installed through browser exploits. When installed, the toolbar will download malicious content such as rogue anti-spyware and other fraudulent applications
tacindex=10
[Malware.Hacktool]
content=A tool othen used by hackers to create packages for distributions. The program might have legitime use and not necessary unwanted.
tacindex=3
[Malware.Psguard]
content=Program masks as doing one thing, but does another.
tacindex=7
[Malware.SpyGuard]
content=Claims to be a spyware scanner; uses aggressive advertising to scare the user to download its application; Evidence of browser hijacker advertising techniques. This family could be related to SpyAxe and SpywareTrooper
tacindex=3
[Malware.SpywareCleaner]
content=programs masks as doing one thing, and does another by using false positive detections to trick the user to buying the commercial version
tacindex=3
[Malware.SpywareStrike]
content=SpywareStrike is the latest incarnation of SpyAxe. It claims to be a genuine Anti-Spyware application but has been installed through the use of trojan downloaders. When scanning it may show false positives or give exaggerated threat warnings, requesting a registration fee to remove these so called 'threats'. SpywareStrike may also be installed manually from www.spywarestrike.com
tacindex=5
[Malware.TopAntiSpyware]
content=Trojan
tacindex=10
[Malware.TopAntiVirus]
content=replaces Windows wallpaper with a fake virus alert
tacindex=3
[MalwareWipe]
content=MalwareWipe are a program that masks as doing one thing, but does another by using false positives detections to trick the user into buying the commercial version.
tacindex=3
[MarketDart]
content=Opens unsolicited advertisments.
tacindex=3
[Marketscore(Netsetter)]
content=Claims to increase the speed of your internet connection. Every web connection you make, including 'secure' connections, goes through the proxies and is logged and analysed on behalf of MarketScore's customer companies.
tacindex=7
[Masta Dialer]
content=Generic Dialer.
tacindex=5
[Matrix Technology Network]
content=Generic Dialer.
tacindex=6
[Max Spyware Detector]
content=Also known as Spyware Detector. Ant-ispyware software of dubious repute. Does not pose immediate risk to system but users are cautioned that this software is reported as using false positive detections to pursuade the purchasing of full version.
tacindex=3
[MediaCharger]
content=Also known as Downloadware, installs various unsolicited trackware
tacindex=5
[MediaMotor]
content=Operates in stealth. Downloads additional trojan downloaders and malware. Bundles undisclosed.
tacindex=8
[MegaSearch Toolbar]
content=Confusing/non/disclosing EULA, monitors web activity
tacindex=4
[MemoryMeter]
content=Trackware. Use of Tracking Cookies.
tacindex=5
[MemoryWatcher]
content=Difficult to remove. Installs other items without notice. Opens pop up ads.
tacindex=4
[Meridian Popupper]
content=Installs a BHO. Causes pop ups.
tacindex=6
[MetaDirect]
content=Browser Hijacker.
tacindex=5
[MicroGaming]
content=Installs unsolicited, no uninstaller provided.
tacindex=4
[midADdle]
content=Malware
tacindex=8
[MoneyGainer.BHO]
content=Browser helper object, redirect search engine
tacindex=6
[MoneyTree]
content=Trackware
tacindex=6
[Morfit ADjectPager]
content=Browser hi-jacker, changes browsing results
tacindex=6
[MPG Dialer]
content=Generic Dialer.
tacindex=5
[MPGCom Toolbar]
content=No uninstaller. Opens unsolicited websites. Auto updates.
tacindex=4
[MRU List]
content=Most Recently Used List.
tacindex=0
[MSCnt]
content=No uninstaller. Auto updates. Transmits/receives information without user permission and/or knowledge.
tacindex=6
[MSConnect]
content=Dialer
tacindex=5
[MSView]
content=No uninstaller. May cause system instability. Bundled install that is undisclosed. May install other items without notice. Auto updates. Opens unsolicited websites.
tacindex=10
[MyDailyHoroscope]
content=Installs unsolicited, retrieves and displays banner ads, installs unique ID to track user response.
tacindex=5
[MyFastAccess Toolbar]
content=Browser Hijacker.
tacindex=3
[Naupoint]
content=Installs unsolicited, connets to a remote system without user awarenes to silently download additional components, prevents removal.
tacindex=7
[NavExcel]
content=Tracks users search habits. Some compoents operates in stealth.
tacindex=7
[NaviHelper.BHO]
content=a Browser Helper Object, displays advertsing content and updating itself,
tacindex=5
[Navpmc]
content=Bundled install that is undisclosed. Operates in stealth. Auto updates.
tacindex=7
[NDG Systems]
content=No uninstaller. Operates in stealth.
tacindex=4
[Neededware]
content=It displays advertisements and may download software
tacindex=4
[Net Malmo]
content=Porn Dialer, Some Distributions Install Unsolicited.
tacindex=5
[Net Replicator]
content=No uninstaller. Installs other items without notice. Opens pop up ads.
tacindex=4
[NetCat]
content=Remote control tool
tacindex=10
[NetConnect]
content=Generic Dialer.
tacindex=5
[NetPal]
content=also known as NetPal Offers, trackware
tacindex=9
[Netservices BV]
content=Generic Dialer.
tacindex=5
[Netster Searchbar]
content=Search page hijacker.
tacindex=5
[Netword Agent]
content=opens unsolicited websites/pop up windows
tacindex=3
[NetworkEssentials]
content=Installs a BHO. Tracks browser use. Causes pop up ads.
tacindex=7
[Netzany]
content=opens unsolicited websites/pop up windows
tacindex=3
[New Dial]
content=Generic Dialer.
tacindex=5
[New Galleries]
content=No uninstaller. May cause system instability. Operates in stealth. Creates Tracking Cookies.
tacindex=8
[Newiso.org IRC Vulnerability]
content=No uninstaller. Transmits/receives information without user permission/knowledge.
tacindex=3
[Nez]
content=Generic Dialer.
tacindex=5
[NiteLine Media]
content=Porn Dialer.
tacindex=5
[N-Lite]
content=Installs unsolicited (bundeled).Connects to remote system without user consent.No Uninstaller
tacindex=6
[NowBox]
content=Ad client.
tacindex=7
[OfferAgent]
content=display pop-up advertisement
tacindex=4
[OnFlow]
content=Advertising BHO. Tracks ads displayed.
tacindex=7
[OnlineSupersavings]
content=Malware.Opens unsolicited webpages, runs stealth, prevents removal and detection.
tacindex=5
[OpenMe]
content=Porn ad client.
tacindex=3
[Optimal Soft]
content=No uninstaller. Transmits/receives information without user permission/knowledge
tacindex=3
[OrbitExplorer]
content=Trackware, Causes Popups
tacindex=9
[Other]
content=Unnamed or unclassified object, such as items which are known to install other items shown in Ad-aware's results.
tacindex=5
[OurXin]
content=OurXin is a Browser Helper Object, and is a part of a Chinese Browser assistant tool, may cause pop-up/pop-under advertisements
tacindex=3
[OverPro]
content=No uninstaller. Bundled install that is undisclosed.
tacindex=3
[Party Angels Network]
content=No uninstaller. Operates in stealth. Creates Tracking Cookies. Opens pop up ads.
tacindex=6
[Passe-Partout]
content=No uninstaller. Transmits/receives information without user permission/knowledge
tacindex=3
[PcTurboPro]
content=PcTurboPro is a program which claims to be able to optimize the users system. Annyoing warning pop ups occurs when the user shutdown its computer. It want the user to optimize the system, but only if he/she registers and buys a version of PcTurboPro. It also installs files which are running in stealth and adds an auto-start feature that can not be disabled.
tacindex=3
[PeopleOnPage]
content=May cause system instability. Browser Hijacker. Auto updates. Opens pop up windows. Tracks Browser Use.
tacindex=9
[Perflogger]
content=A Keylogger that logs/transmits key stokees and physical data such as creditcard numbers.
tacindex=10
[PestCapture]
content=PestCapture is a rogue antispyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. Alert warning, pop ups try to entice the user to buy PestCapture software. If the user restarts the computer, PestCapture automatically scans the user's harddrive and the uninstaller will not function.
tacindex=5
[PestTrap]
content=PestTrap is an antispyware application. The program states it will remove spyware and does not show any license agreement before installation. The user has to go through a paid registration before any spyware can be removed. Alert warnings try to entice the user to buy Pest Trap's software. If the user restarts the computer, Pest Trap automatically scans the user's harddrive.
tacindex=3
[Piratos]
content=Porn dialer.
tacindex=5
[PKings-IEHelper]
content=No uninstaller. Operates in stealth.
tacindex=4
[Possible Browser Hijack attempt]
content=Possible attempt to control/redirect the browser. This object referrs to a "blacklisted" site. If the site listed is the site intended (in other words, it is set to the setting you wish it to be set to), add this listing to your ignorelist. If not, then selecting this item will reset your browser to the default setting for this item.
tacindex=3
[Powerscan]
content=Bundled install that is undisclosed. Opens unsolicited websites.
tacindex=5
[PowerStrip]
content=Incomplete uninstaller. Auto updates. Browser Hijacker.
tacindex=6
[PrecisionPOP]
content=Bundled install that is undisclosed. Browser Hijacker. Opens unsolicited websites.
tacindex=5
[PremiumConnect]
content=No uninstaller. Transmits/receives information without user permission/knowledge.
tacindex=3
[Pribi.bho]
content=Browser Helper Object. Distributed through unsolicited installations (bundeling).Hijacks Internet-Explorer search page
tacindex=6
[ProDyne Webinstall]
content=Generic Porn dialer.
tacindex=5
[PromulGate]
content=Opens unsolicited websites/pop up windows
tacindex=5
[Prutect]
content=Downloads additional trojan downloaders, viruses and malware. Operates in stealth. Undisclosed installation.
tacindex=8
[PSN - Private Search Network]
content=Browser Hijacker. No uninstaller.
tacindex=4
[PStopper]
content=Popup-"BLOCKER" that generates popups
tacindex=3
[PurityScan]
content=PurityScan opens popup ads. No uninstaller. A Clickspring variant.
tacindex=6
[Queep]
content=No uninstaller. Operates in stealth.
tacindex=6
[Questnet Dialer]
content=Generic Dialer.
tacindex=5
[Rads01.Quadrogram]
content=No uninstaller. Opens unsolicited pop up windows. Auto updates. Transmits/receives information without user permission/knowledge.
tacindex=6
[RapidBlaster]
content=Malware, Porn ad client.Runs stealth installs unsolicited third party software (Malware, trackware, hijackers, dialers).Causes Porn popups
tacindex=8
[RasDial]
content=Generic Dialer.
tacindex=5
[RBase01.ath]
content=No uninstaller. May cause system instability. Operates in stealth.
tacindex=8
[RCPrograms]
content=Opens unsolicited websites/pop up windows
tacindex=5
[Redhotnetworks]
content=Opens unsolicited websites/pop up windows (Adult Content)
tacindex=3
[Redirected hostfile entry]
content=Entry in your hostsfile that redirects a particular IP adress to a different host. Commonly used by Hijackers. If the entry in your hostsfile is intended (such as by use of a hostsfile list), add this listing to your ignorelist. If not, selecting this item will remove the entry from your hostsfile.
tacindex=4
[RedirectPage.BHO]
content=Browser Helper object
tacindex=2
[RedV]
content=Browser Hijacker.
tacindex=3
[RelatedLinks]
content=Opens unsolicited advertisements
tacindex=3
[RepairRegistryPro]
content=Repair Registry Pro is a registry cleaning application of dubious repute. It has been reported as using deceptive means to install to user systems, specifically using the 'Windows Messenger Service' to issue warnings that Windows has found critical errors which require attention, and advising the user to download and install Repair Registry Pro. On installation, it will scan your system informing you of many errors and requiring payment to register and fix them
tacindex=4
[ReplaceSearch.BHO]
content=Internet Explorer Hijacker, redirects the IE default search engine.Distributed through unsolicited installations.
tacindex=5
[RightFinder]
content=No uninstaller. May cause system instability.
tacindex=3
[RiverSoftware]
content=May cause browser instability. Browser Hijacker. Opens unsolicited websites. Auto updates.
tacindex=7
[Roings]
content=Browser Hijacker. Opens unsolicited websites. Downloads additional trojan downloaders and malware.
tacindex=8
[RSSToolbar]
content=May cause browser instability. Browser Hijacker.
tacindex=5
[RunMe]
content=Difficult to uninstall. Changes homepage to no URL (erased). Sets itself to execute at system startup. Overrides hosts file
tacindex=4
[RXToolbar]
content=RXToolbar is a BHO (Browser Helper Object) that is installed through bundling with applications such as Kazaa, or as a standalone installer from the vendor's website. It provides targeted advertising by tracking google search strings. Previously using aggressive install techniques, this family is now considered low risk, and undergoing a probationary period.
tacindex=6
[SafeSearch]
content=Changes search results. Required to enter displayed code to uninstall. Opens unsolicited popups.
tacindex=4
[SahAgent]
content=Installs a Winsock 2 Layered Service Provider that redirects visits to merchant sites in order to take the affiliate fees from them automatically.
tacindex=9
[Scam.AdwareRemoverGold]
content=Theft of Ad-aware interface/code
tacindex=3
[SCAM.Enigma.NoAdware]
content=Theft of Ad-aware interface/code
tacindex=3
[Scam.ScanSpyware]
content=Theft of Ad-aware interface/code
tacindex=3
[Scam.SpywareKilla]
content=Theft of Ad-aware interface/code
tacindex=3
[Scam.Trackzapper]
content=Theft of Ad-aware interface/code
tacindex=3
[SCBAR]
content=Opens unsolicited popups. Browser Hijacker. Installs other items without notice.
tacindex=3
[SCKeyLog Trojan]
content=No uninstaller. Operates in stealth. Transmits personally identifiable information without user permission/knowledge.
tacindex=6
[Scratch and Win]
content=Scratch card game thats really an ad client. Automatically updates itself.
tacindex=6
[Scumware Remover]
content=Browser HiJacker of start- and searchpage. Operates in stealth. Program masks as scumware-remover. Connects to a remote system without the user's awareness to transmit/receive information. Redirect hosts file entries.
tacindex=8
[Search Miracle]
content=Common IE Hijacker.Installs unsolicited.
tacindex=5
[Search Relevancy]
content=IEHijacker, compromises IE search results
tacindex=5
[Search4All]
content=Browser\Search-engine hijacker.
tacindex=3
[Searchalot]
content=Browser and search hijacker. Offers free software downloads from downloadalot.com that are actually a small program to hijack the users browser.
tacindex=5
[SearchbarCash]
content=Also known as ISTbar (AUpdate variant). IE toolbar, homepage, and search hijacker.
tacindex=4
[SearchBoss]
content=Internet Explorer bar. Tracks browser usage.
tacindex=5
[SearchCentrix]
content=May cause browser instability. Browser Hijacker.
tacindex=5
[SearchClick]
content=A website searchengine. Changes browsing results, includes virus.
tacindex=10
[SearchExplorerBar]
content=It is an Internet Explorer toolbar, and it is installed by drive by download. Tracks browser use. Some pop-up advertisements will be triggered when you browse the web while the toolbar is enabled.
tacindex=9
[SearchFast]
content=Common IE Hijacker.Installs unsolicited.
tacindex=5
[SearchMaid]
content=It is a Browser Hijacker, installs a toolbar on Internet Explorer, and displays unsolicited popups.
tacindex=7
[SearchMyRequest]
content=Browser Hijacker.
tacindex=5
[SearchNav]
content=Browser Hijacker
tacindex=5
[SearchNuggetToolbar]
content=a Browser Helper Object, adds a toolbar in Internet Explorer
tacindex=3
[SearchSeekFind]
content=Trackware. Opens unsolicited websites/pop up windows
tacindex=3
[SearchSprint]
content=No uninstaller. Browser Hijacker. Opens unsolicited websites.
tacindex=6
[SearchSquire]
content=Internet Explorer sidebar that contains paid links that open when you use search engines.(Xupiter Variant)
tacindex=7
[SearchV]
content=No uninstaller. Browser Hijacker. May cause browser instability.
tacindex=6
[searchwww.hijacker]
content=No uninstaller. May cause browser instability. Browser Hijacker.
tacindex=8
[SecondThought]
content=No uninstaller. Opens pop up ads.
tacindex=4
[SecretCrush]
content=Hijacker. May reset homepages or hijack searchs. Redirects to porn sites.
tacindex=3
[Security iGuard]
content=Rogue spyware, masks as doing one thing but does another, browser hijack / unsolicited popups, tracks user's surfing habits
tacindex=9
[SeksDialer]
content=Generic Dialer.
tacindex=5
[Seksilolita]
content=No uninstaller. Opens pop up ads.
tacindex=6
[ServerLogic.Hyperlinker]
content=Installs unsolicited.Connects to a remote system without user consent, tracks browser usage, does not provide uninstaller
tacindex=7
[###### Connect]
content=Porn Dialer.
tacindex=5
[###### Farm Gmbx]
content=Browser Hijacker. IRC Vulnerability. No uninstaller.
tacindex=6
[######.de]
content=No uninstaller. Operates in stealth.
tacindex=6
[SexChat Dialer]
content=Porn Dialer.
tacindex=5
[SexFiles.nu]
content=Porn Dialer.
tacindex=5
[SexGlamour]
content=Porn Dialer.
tacindex=5
[SexNow Dialer]
content=Porn Dialer.
tacindex=5
[Sexplorer]
content=Porn dialer
tacindex=5
[Sexx-Direct]
content=No uninstaller. Operates in stealth. Opens pop up ads.
tacindex=4
[Shield-BLSS]
content=Runs stealth, installs unsolicited, tries to establish connections to different servers at random times.
tacindex=6
[ShopForGood]
content=Trackware. Browser Hijacker.
tacindex=5
[ShopNav Hijacker]
content=Installs a BHO. Search hijacker.
tacindex=8
[Shopnet Toolbar]
content=Browser toolbar that collects some information
tacindex=1
[ShowBar]
content=Browser Hijacker.
tacindex=5
[ShowBehind]
content=Ad client bundled with free software downloads.
tacindex=5
[SideFind]
content=Bundled install that is undisclosed. Browser Hijacker.
tacindex=5
[SimpleTbar]
content=installs a Toolbar in Internet Explorer, may pop-up advertisements while using Internet Explorer
tacindex=3
[SinCity Dialer]
content=Generic Dialer.
tacindex=5
[SirSearch]
content=Common IE Hijacker.Installs unsolicited, redirects browser to sirsearch.com website.
tacindex=5
[Sitromba Dialer]
content=Generic Dialer.
tacindex=5
[Softomate Toolbar]
content=Browser Hijacker. Opens pop up ads. Auto updates.
tacindex=9
[SP2Update]
content=tracks urls visited and search terms entered into IE windows, and pop-up targeted advertisements on the compromised computer
tacindex=6
[SpecialOffersNetworks]
content=n/a
tacindex=4
[Spyagent]
content=Spyagent is a keylogger and monitoring tool which has been dropped onto users' systems by silent installers
tacindex=10
[SpyArsenal FamilyKeylogger]
content=Spyware, records keystrokes
tacindex=10
[SpyArsenal GoldenKeylogger]
content=spyware, records keystrokes
tacindex=10
[SpyArsenal HomeKeylogger]
content=Spyware, records keystrokes
tacindex=10
[SpyArsenal Internet Spy]
content=Spyware, monitors internet-usage
tacindex=5
[SpyAxe]
content=Spyaxe purports to be a genuine anti-spyware application but has been heavily installed by trojan downloaders
tacindex=4
[SpyBlast]
content=No uninstaller. Opens unsolicited websites.
tacindex=3
[SpyContra]
content=SpyContra claims to be a genuine Anti-Spyware program but uses false positives as a goad to purchase. Instances of WhenU.SaveNow and other infections will be presented on an entirely clean machine
tacindex=4
[SpyDefence]
content=SpyDefence is a rogue antispyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. Alert warning, pop ups, try to entice the user to buy SpyDefence software. If the user restarts the computer, SpyDefence executes and the uninstaller will not function.
tacindex=4
[SpyDeleter]
content=Browser Hijacker, Installs unsolicited, spawns popups (fake security warnings)
tacindex=5
[SpyFalcon]
content=Claims to be an Anti-Spyware application. This application has been forced installed onto users' systems. Application appears to be a new incarnation of SpyAxe / SpywareStrike
tacindex=3
[SpyFerret]
content=Dubious anti-Spyware.
tacindex=3
[SpyFighter]
content=SpyFighter purports to be a genuine anti-spyware / anti-errorware, though its distribution channels are dubious in nature. Fraudulent messages informing a user that their computer is infected are in use by SpyFighter affiliates, such as the one at http://pc-***.org/
tacindex=3
[SpyHeal]
content=SpyHeal is an rogue antispyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses. If the user restarts the computer, SpyHeal automatically scans the user's harddrive.
tacindex=4
[SpyMarshal]
content=SpyMarshal is a rogue antispyware application which can be automatically installed on the system from a third party trojan.downloader. The user is made to believe it's a good program that removes spyware. But the actual results from the system scan are fake which the software just makes up. Alert warnings try to entice the user to buy SpyMarshal software. If the user restarts the computer, SpyMarshal automatically scans the user's harddrive and the uninstaller is unfunctional.
tacindex=4
[SpyOutside]
content=Logs and transmits key strokes and screen captures. Operates in stealth.
tacindex=10
[SpySpotter]
content=SpywareSpotter uses false positives detections to trick the user into buying the commercial version. SpywareSpotter can be stealth installed by Trojan Downloaders. No Privacy policy is disclosed to the user prior to installation.
tacindex=3
[Spyware.ActiveKeyLogger]
content=Keylogger that monoitors clipboard contents, and takes desktop screenshots.
tacindex=10
[Spyware.ActualSpy]
content=Spyware.ActualSpy logs keystrokes, Clipboard content, and Internet activities, and takes screenshots.
tacindex=10
[Spyware.AdvancedKeyLogger]
content=Spyware.AdvancedKeyLogger is a commercial keylogger that monitors clipboard contents, and takes desktop screenshots.
tacindex=10
[Spyware.E2Give]
content=Spyware.E2Give operates in stealth, tracking your browser habits and periodically downloading and installing other software. It will pop up advertisements while browsing. Spyware.E2Give may be installed by trojan downloaders that infect the system by using browser exploits and/or other methods
tacindex=10
[Spyware.IEToolbar]
content=adds a toolbar in Internet Explorer,
tacindex=3
[Spyware.PcAudit]
content=Spyware.Pcaudit tracks keystrokes, IP addresses, and other user information, submitting it to a predetermined server. (www.pcinternetpatrol.com). With the user's permission, the spyware tracks and sends the following information to the server of Internet Security Alliance: Computer name or any identification, IP address , Name of the subdirectories and files in My Documents folder. Snapshot of the computer's screen Keystrokes
tacindex=10
[Spyware.Perezzz]
content=a search hijack, installs as a browser helper object toolbar in Microsoft Internet Explorer, may redirect some searches
tacindex=5
[Spyware.QuickKeylogger]
content=It is a spyware program, it logs every keystroke on the compromised computer
tacindex=10
[Spyware.Safesurfing]
content=Monitors browsing habits.
tacindex=3
[Spyware.Surfcomp]
content=a Browser Helper Object, monitors and logs all Urls visited in Internet Explorer
tacindex=4
[spyware.WeatherStudio]
content=Spyware.Weatherstudio AKA SearchRover Toolbar transmits search terms entered into popular search engines without user consent. When executed, the installation packages install without warning, providing no cancel button.
tacindex=3
[Spyware.WebDir]
content=Spyware.WebDir are an affiliate-fee grabber implemented as Internet Explorer Browser Helper Object.
tacindex=3
[SpywareNo]
content=Program masks as doing one thing, but does another by using false positives detections to trick the user into buying the commercial version. Privacy policy not disclosed to the user prior to installation, steatlh install and bundled with 3rd party software and installation is not disclosed to the user.
tacindex=10
[SpyWareNukerXT]
content=SpyWareNukerXT is a rogue anti-errorware that uses false positives to trick the user into buying the commercial version. SpyWareNukerXT might be forced installed by trojans.
tacindex=2
[SpywareQuake]
content=SpywareQuake purports to be a genuine anti-spyware program but uses false positives as a goad to purchase. Its distribution / install methods are stealthy and/or disceptive. Trojans infecting a machine will place fraudlent messages on the desktop, informing the user that they are infected with spyware and should download SpywareQuake to remove it. Having done this, SpywareQuake will scan your entire system in no more than 20 seconds and report a multitude of ficticious threats. SpywareQuake has also been force installed by trojan downloaders.
tacindex=10
[SpywareSheriff]
content=SpywareSheriff is a new rogue Antispyware.
tacindex=4
[SpywareStormer]
content=SpywareStormer uses misleading advertising to scare the user into installing the application and may give exaggerated spyware detections to persuade the user into paying for the registered version to remove these 'threats'. SpywareStormer is usually downloaded and installed explicitly from the website but may be force installed by drive-by install methods through adverts popped-up by trojans
tacindex=3
[SpywareXP]
content=It purports to be a genuine anti-spyware application but uses false positives as goad to purchase; related to AlertSpy
tacindex=4
[StarInstall(MainPean)]
content=Porn dialer.
tacindex=5
[STARR Pro]
content=Spyware, runs stealth
tacindex=5
[Startnow.Hyperbar]
content=Common Internet Explorer Hijacker.Installs unsolicited. It modifies search requests and may display advertisements. It allso may cause system instabilities.
tacindex=8
[Starware Toolbar]
content=Starware Toolbar is an Interet Explorer toolbar that transmits your words you enter into seearch engines, to its own servers and changes the default "404 Not Found" page to its own site. It may be installed without user consent or knowledge or bundled with other applications such as "Cursorcafe.com" where it is rebranded to the installing vendor's name.
tacindex=5
[StatBlaster]
content=No uninstaller. May cause Explorer instability. Opens unsolicited websites.
tacindex=8
[StickyPopsBHO]
content=Browser Helper Object. Installs unsolicited, spawns pop up ads. no uninstaller provided
tacindex=6
[Stom CC]
content=No uninstaller or EULA. Installs other items and displays unsolicited advertisements.
tacindex=6
[StopPop]
content=Fake Popup-blocker causing Popups.
tacindex=3
[stopto.da.ru]
content=No uninstaller. Browser Hijacker.
tacindex=6
[StyleClickInc]
content=Browser Hijacker.
tacindex=3
[Submithook.BHO]
content=Submithook is a browser hijacker, which inserts porn advertisments as links into guestbooks and forums that the user is active on
tacindex=5
[SubSearch]
content=No uninstaller. Browser Hijacker. Opens a system vulnerability.
tacindex=6
[SunInfoConnect]
content=Porn Dialer
tacindex=5
[SupaSeek]
content=No uninstaller. Opens unsolicited websites.
tacindex=4
[SuperDialer]
content=Generic Dialer, Automatic updates
tacindex=5
[Superlogy.com]
content=Internet Explorer Hijacker, redirects browser to superlogy.com, performs silent updates, installs unsolicited
tacindex=5
[SureBar]
content=Browser Hijacker.
tacindex=3
[Surf+]
content=Thiefware. Inserts its own green links on the website you are visiting. Previously also installed 'EasyLink'. *Surf+ has stopped its link overlay portion os its software in newer versions.
tacindex=3
[Surfaccuracy]
content=records keywords typed in popular websearch engines, such as google, and sends this information to a server, may display advertisements
tacindex=5
[Surfairy]
content=Browser Hijacker.
tacindex=5
[SurfSideKick]
content=Browser Helper Object, Installs Unsolicited, May Cause System Instabilities, Tracks Surfing Habits.
tacindex=7
[SVCcpy]
content=No uninstaller. Transmits/receives information without user permission/knowledge
tacindex=3
[SysProtect]
content=SysProtect is a rogue antispyware application. The program states it will remove spyware but it simply installs malware. The user is made to believe it's a good program that removes viruses, but the software are using false positives detections to trick the user into buying the commercial version. If the user restarts the computer, SysProtect automatically scans the user's harddrive.
tacindex=5
[SySsfitb]
content=Malware.Installs unsolicited.May cause system instabilities.No uninstaller provided.Spawns pop-ups.
tacindex=6
[SystemDoctor]
content=SystemDoctor is a rogue anti-errorware from WinSoftware that may use false positives to trick the user into buying the commercial version. It may be installed by Trojan downloaders. Winsoftware also produces the softwares Winfixer and Errorsafe
tacindex=3
[SysWeb-Telecom Dialer]
content=Generic Dialer
tacindex=5
[T Online Dialer]
content=Generic Dialer.
tacindex=5
[Targetsaver]
content=Installs unsolicited.Connects to a remote system without unser consent to download third party components and to transmit usage data.Several variants do not include an uninstaller.
tacindex=8
[TaskMgr-DV]
content=Operates in stealth.
tacindex=3
[TeenFestival]
content=Browser Hijacker. No uninstaller. May cause browser instability. Operates in stealth. May install other items.
tacindex=8
[TGDC(md)]
content=Thiefware. Browser hijacker.
tacindex=5
[The Spy Guard]
content=Claims to be a spyware scanner; uses aggressive advertising to scare the user to download its application; Evidence of browser hijacker advertising techniques. This family could be related to SpyAxe and SpywareTrooper
tacindex=3
[TIB Browser]
content=Premium-rate Dialer.Installed by various malware downloaders.
tacindex=6
[Timesink]
content=Timesink/Conducent Ad client.Supposedly out of business, yet the software is still widely in use.
tacindex=7
[TinTel dialer]
content=Porn Dialer
tacindex=5
[Toolbar Deep Dive]
content=Unsolicited popups, browser hijack, changes browsing results
tacindex=8
[Toolbar.Scirus]
content=This program does not provide any license agreement or privacy policy at installation. It also installs to all user accounts without asking. May cause pop-up advertisements.
tacindex=3
[ToolbarCC]
content=Trackware, Hijacker
tacindex=8
[TopMoxie]
content=Ad Client. Installs an uniqe user ID.
tacindex=3
[TopPicks]
content=Bundled install that is undisclosed. Browser Hijacker.
tacindex=6
[TopSearch]
content=Opens unsolicited websites/pop up windows. Bundled install that is undisclosed.
tacindex=5
[TPS108]
content=Installs as a BHO. Causes pop up ads. Tracks browsing and some computer use. Variants include Blackstone, VX2, TPS108, MSView, NetPal, and SiteHlpr.
tacindex=9
[Tracking Cookie]
content=This cookie is known to collect information that may be used either for targeted advertising, or tracking users across a particular website, such as page views or ad click-thrus.
tacindex=3
[TrafficAdvance Dialer]
content=Generic Dialer.
tacindex=5
[TrafficHog]
content=Browser Hijacker. No uninstaller. May cause browser instability.
tacindex=8
[Transponder]
content=Installs as a BHO. Causes pop up ads. Tracks browsing and some computer use. Variants include Blackstone, VX2, TPS108, MSView, NetPal, ABetterInternet, BC777 and SiteHlpr.
tacindex=10
[Trojan Dload.BE]
content=downloads files from a remote site and then runs them
tacindex=6
[Trojan.PGPcoder]
content=searchs a victim's hard disk for some common file types, such as .doc, .htm, .html, .txt, .jpg, etc.; encrypts the files, and drops a note asking buying the decoder
tacindex=5
[Trojan]
content=Various Trojan Horses. Its name, if available, is indicated in the comments section of its listing.
tacindex=5
[Trojan.Shutdown]
content=Trojan.Shutdown is an annoying trojan that shuts down or reboots your computer. It may be dropped by a trojan downloader to force the user a reboot
tacindex=10
[trojan.win32.ilka32]
content=Trojan that scans the network for exploitable computers and collects information such as passwords and CD-keys from infected computers and reports back to its author.
tacindex=7
[Trojan.Win32.StartPage.he]
content=Changes browser settings for Microsoft Internet Explorer. Points your default page to http://abcsearch4u.com
tacindex=10
[TrojanBackdoor.Serv-U]
content=Hacked commercial FTP application. Runs FTP server.
tacindex=8
[TRTI Dialer]
content=Porn dialer.
tacindex=5
[TrustCleaner]
content=TrustCleaner is a rogue anti-spyware, false positives works to trick the user to purchase.
tacindex=10
[TrustToolBar]
content=Browser Hijacker. No uninstaller.
tacindex=6
[TS Cash]
content=Generic Dialer.
tacindex=5
[TubbyBHO]
content=Internet Explorer hijacker. Adds an explorer toolbar. installs unsolicited
tacindex=7
[TurboDownload]
content=Opens unsolicited websites/pop up windows. No uninstaller. Bundled install that is undisclosed.
tacindex=8
[TwistedHumor]
content=Ad Client. Displays ads that cover the entire browser window. Sells user information.
tacindex=7
[Twister]
content=No uninstaller. Operates in stealth.
tacindex=6
[TVMedia]
content=Browser Hijacker. Installs unsolicited
tacindex=5
[TX4.BrowserAd]
content=Opens unsolicited advertisements
tacindex=3
UCmore]
content=adds a toolbar in Internet Explorer, displays links to other sites which it deems connected to current pages you are visiting
tacindex=3
[UCSearch]
content=No uninstaller. Operates in stealth. Opens unsolicited websites/pop up windows
tacindex=6
[UDP Dialer]
content=Generic Dialer.
tacindex=5
[UKVideo2 Dialer]
content=Generic Dialer.
tacindex=5
[Ultimate Defender]
content=Ultimate Defender is a rogue anti-spyware program that uses various wais to trick uses to install the software or it might use trojan downloaders that use exploits to force install the program.
tacindex=3
[UnSpyPC]
content=UnSpyPC is a security scanner of dubious repute. It uses false positives (often of reputable software) to display a list of threats to the user, and requests a registration fee to remove them. UnSpyPC is known to be distributed by Trojan Downloaders and through browser exploits.
tacindex=6
[UpdateLoader Malware]
content=Runs stealth, installs unsolicited third party applications (Trackware, Hijackers and malware)
tacindex=5
[User32.mslib]
content=Installs and operates in stealth. No uninstaller.
tacindex=6
[UTWente-NL]
content=No uninstaller. Operates in stealth.
tacindex=6
[Uyelik Dialer]
content=Generic Dialer.
tacindex=5
[W32.SoBig.F]
content=Worm
tacindex=8
[VacPro]
content=Generic Dialer, Opens unsolicited pop-ups.
tacindex=6

#5 simon1

simon1

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 January 2007 - 08:18 AM

[WallaBar]
content=Browser Hijacker.
tacindex=5
[WareOut]
content=Wareout purports to be a geniune spyware remover. It adds files and registry keys and then detects them as spyware to trick the user into thinking they are infected, then requesting payment for removal of these items Wareout has been distributed through browser exploits and by Trojan downloaders
tacindex=10
[Wazam Searchbar]
content=IE toolbar. Harmless. Bundled with other software. Also known as SearchBlaster.
tacindex=7
[WDInfo Dialer]
content=Porn Dialer.
tacindex=5
[Web3000]
content=Trackware, Replaces WSock32.dll
tacindex=8
[Webalize Toolbar]
content=Webalize Toolbar distinguish itself from other toolbars. It consists of an technical report which stores information about the users surfing habits. The surfing report is stored in a .txt document. Webalize Toolbar installation do not include any license agreement or privacy policies.
tacindex=3
[WebDialer]
content=Porn dialer.
tacindex=5
[WebHancer]
content=Installs a LSP (Hooks into winsock) all packets are passed through WebHancer.
tacindex=9
[WebHlpr]
content=Browser Hijacker with no uninstaller.
tacindex=4
[WebSpeacials]
content=Delivers advertising content
tacindex=6
[Veevo]
content=No uninstaller. Operates in stealth. May cause browser instability.
tacindex=6
[Verticity]
content=Opens unsolicited websites/pop up windows
tacindex=3
[Vesta Intl Dialer]
content=Generic Dialer.
tacindex=5
[Whazit]
content=Browser+Search engine Hijacker
tacindex=7
[WhenU.DesktopToolbar]
content=Adds an auto-start toolbar to desktop that is not possible to disable. Transmits usage info without user's consent.
tacindex=5
[WhenU]
content=
tacindex=3
[WhenU.WeatherCast]
content=WeatherCast delivers weather information and forecasts to a software agent. The temperature of a selected location is displayed in the tray and by opening the software a small display shows the current weather and forecast. The software includes a component called ICE.
tacindex=2
[WhenU.WhenUShop]
content=An advertising toolbar that monitors urser's surfing habits and opens unsoliticed popups
tacindex=3
[Win32.ac332.mine]
content=IRC Vulnerability.
tacindex=8
[Win32.Adverts.TrojanDownloader]
content=Trojan Horse thats downloads ads and displays them in IExplorer
tacindex=6
[Win32.Alcena.Downloader]
content=Installs unsolicited.Connects to a remote system, downloads and installs third party components.Does not provide an uninstaller
tacindex=7
[Win32.Backdoor.AfCore]
content=Trojan Horse
tacindex=6
[Win32.Backdoor.Agent]
content=Win32.Backdoor.Agent is a virus that open up backdoors on a compromised computer.
tacindex=10
[Win32.Backdoor.Agobot.nq]
content=allows others to access the computer, downloads code from the internet, exploits system or software vulnerabilities
tacindex=6
[Win32.Backdoor.Agobot]
content=Win32.Backdoor.Agobot is a malware that open up backdoors on a compromised computer.
tacindex=10
[Win32.Backdoor.Bifrose]
content=Backdoor Bifrose is a backdoor server that can send information and receive files to a compromised computer.
tacindex=10
[Win32.Backdoor.CiaDoor]
content=No uninstaller. Installs and operates in stealth. Auto updates.
tacindex=8
[Win32.Backdoor.Cone]
content=Win32.Backdoor.COne allows remote access to the system. It has file server capabilities, and can be used to hijack a system / bandwidth for dubious intentions. This backdoor can also inject itself into browsers or MSN messenger to steal information and spread itself futher.
tacindex=10
[Win32.Backdoor.Dumador]
content=Allows others record and to access the keystrokes on the compromised computer.
tacindex=10
[Win32.Backdoor.Goweh.D]
content=Operates in stealth. Browser Hijacker.
tacindex=4
[Win32.Backdoor.Hackarmy]
content=Win32.Backdoor.Hackarmy is a backdoor tool that allows for a remote user to exploit the infected system. Known ports include (but are not limited to) 6667.
tacindex=10
[Win32.Backdoor.Hupigon]
content=Win32.Backdoor.Hupigon installs a backdoor service on the infected computer. This backdoor lets the attacker gain full control of the compromised system. Win32.Backdoor.Hupigon is also known as Win32.Backdoor.Graybird.
tacindex=10
[Win32.Backdoor.ident.c]
content=Trojan Horse
tacindex=8
[Win32.Backdoor.Jeem]
content=Trojan Horse
tacindex=8
[Win32.Backdoor.Jeemp]
content=Virus/Trojan horse.
tacindex=8
[Win32.Backdoor.Lanfiltrator]
content=LANfiltrator is a remote access tool, designed to access the remote computer through a router, LAN or proxy server.
tacindex=5
[Win32.Backdoor.Lixy.B]
content=Trojan Horse.
tacindex=8
[Win32.Backdoor.Nethief]
content=Trojan backdoor
tacindex=10
[Win32.Backdoor.Optix]
content=Virus/Trojan horse.
tacindex=8
[Win32.Backdoor.Padodor]
content=Virus/Trojan horse.
tacindex=8
[Win32.Backdoor.PcClient]
content=Win32.Backdoor.PcClient contacts a HTTP domain to recieve backdoor commands. The malware creates a TCP stream towards the host computer and synchronizes with a suspicous HTTP domain. All users with a HTTP connection will be in the danger zone if they have exec this type of malware.
tacindex=10
[Win32.Backdoor.Rbot.gen]
content=allows others to access the computer,steals inforamtion,downloads code from the internet,reduces system security
tacindex=7
[Win32.Backdoor.RBot]
content=Win32.Backdoor.RBot is a Virus/Trojan Horse.
tacindex=10
[Win32.Backdoor.Sality]
content=Win32.Backdoor.Sality has two modules, one keylogger, and one backdoor. The backdoor may be used to control a infected system from a remote computer.
tacindex=10
[Win32.Backdoor.SDBot.C]
content=Trojan Horse
tacindex=8
[Win32.Backdoor.SDBot]
content=Trojan Horse
tacindex=8
[Win32.Backdoor.SDBot.ve]
content=allows others to access the computer, steals information, downloads code from the internet, software vulnerabilities
tacindex=8
[Win32.Backdoor.Spyboter]
content=Keylogger. Operates in stealth.
tacindex=6
[Win32.Bagle.B]
content=Installs and Operates in stealth. Auto updates. No uninstaller.
tacindex=8
[Win32.Bagle.E]
content=Installs and Operates in stealth. No uninstaller. Auto updates.
tacindex=8
[Win32.Bagle.F]
content=No uninstaller. Installs and operates in stealth. Auto updates.
tacindex=8
[Win32.Bagle.G]
content=No uninstaller. Installs and Operates in stealth. Auto updates.
tacindex=8
[Win32.Bagle.H.ref]
content=Worm with capability to mass email itself to spread.
tacindex=8
[Win32.Bagz.D]
content=Worm, browser redirect, operates in stealth, opens vulnerability.
tacindex=10
[Win32.Banker.J]
content=Trojan Horse
tacindex=8
[Win32.Benuti.Trojan]
content=Trojan Horse
tacindex=8
[Win32.Blaster]
content=Worm
tacindex=8
[Win32.Dasmin.B]
content=n/a
tacindex=8
[Win32.Delf.Trojan.A]
content=Trojan Horse, Browser Hijacker.
tacindex=8
[Win32.Delf.Trojan.B]
content=Trojan Horse, Browser Hijacker.
tacindex=8
[Win32.Delf.Trojan.C]
content=Trojan Horse, Browser Hijacker.
tacindex=8
[Win32.Dialer.E-nrgyPlus]
content=Win32.Dialer.E-nrgyPlus installes by trojan downloader applications. It installs without user knowledge and could have unwanted or harmful effect.
tacindex=3
[Win32.Dialer.Saristar]
content=Premium rate dialer, installs unsolicited
tacindex=7
[Win32.Dialer.Trojan]
content=No uninstaller. Installs and Operates in stealth. Generic Dialer.
tacindex=6
[Win32.Dluca.TrojanDownloader]
content=Runs stealth.Downloads and installs various malwarre
tacindex=6
[Win32.Downloader]
content=No uninstaller. Operates in stealth. Installs other items without notice.
tacindex=10
[Win32.Dumaru]
content=Trojan Horse
tacindex=8
[Win32.Funlove]
content=No uninstaller. Installs and Operates in stealth. May cause system instability.
tacindex=8
[Win32.Generic.Annoyware]
content=Win32.Generic.Annoyware is a program that might annoy and/or scare the user.
tacindex=3
[Win32.Generic.PWS]
content=Win32.Generic.PWS records your keystrokes and passwords, transmitting them to a remote server
tacindex=10
[Win32.Generic.Worm]
content=Win32.Generic.Worm spreads from computer to computer though compromized computers
tacindex=10
[Win32.Golid.Trojan]
content=Trojan Horse
tacindex=8
[Win32.Hacktool.AmericanPride]
content=Win32.Hacktool.AmPride features a bunch of malicious functions used to harm remote systems
tacindex=5
[Win32.Hacktool.Brontok]
content=Win32.Hacktool.Brontok is used to build adware pages.
tacindex=5
[Win32.Hacktool.Craagle]
content=Win32.Hacktool.Craagle is a tool that searches for illegal serials on sites that are potentially harmful to the system that visits them.
tacindex=5
[Win32.Hacktool.ToolEvId]
content=Win32.Hacktool.ToolEvId is a tool that allows to change the amount of simultanious half-open connections allowed by XP. Could potentially harm the system and even result in boot failure.
tacindex=3
[Win32.Hacktool.WinSpy]
content=Win32.Hacktool.WinSpy is a tool that are able to hijack, monitor and send private information about the users computer.
tacindex=10
[Win32.Hacktool.VncNoAuth]
content=Win32.Hacktool.VncNoAuth is a patched version of the VNC client that allows for a malicious user to by pass the authentication on a remote server
tacindex=5
[Win32.Harnig.Trojan]
content=Trojan Horse
tacindex=6
[Win32.HLLW.Nebiwo]
content=Trojan Horse
tacindex=8
[Win32.Holar.G]
content=Worm
tacindex=8
[Win32.Hoost.Trojan]
content=Virus/Trojan Horse
tacindex=6
[Win32.Hostidel.Tojan]
content=Trojan Horse
tacindex=8
[Win32.HotWinCasino.Trojan]
content=Trojan Horse
tacindex=4
[Win32.IEStartpage]
content=IEHijacker/Malwaredropper.Installs undisclosed, Hijacks InternetExplorer Start page.May download and install various third party components
tacindex=8
[Win32.I-Worm.ai]
content=Worm
tacindex=8
[Win32.Keylogger.Bestfriends.A]
content=Logs and trasmits various user activities, disables/kills taskmanager to prevent detection.
tacindex=7
[Win32.Keylogger.Examinator.a]
content=Logs Keystrokes and user activity.Connects to remote system to transmit user data
tacindex=7
[Win32.Keylogger.Skin]
content=Win32.Keylogger.Skin is a commercial keylogger. It records all keystrokes and active windows to C:\sessions.log (unless of course that has been changed).
tacindex=5
[Win32.Keylogger.SoftForYou]
content=Win32.Keylogger.SoftForYou is a commercial Keylogger.
tacindex=5
[Win32.Kwbot.C]
content=Worm, distributed through P2P software
tacindex=8
[Win32.Kwbot.P]
content=Worm, distributed through P2P software
tacindex=8
[Win32.Livevids]
content=Virus/Trojan Horse
tacindex=8
[Win32.LolaWeb.Trojan]
content=Operates in stealth. Auto updates without user permission and/or knowledge. Has ability to download additional files and/or dialers. Opens unsolicited websites
tacindex=4
[Win32.Malware.Jeefo]
content=Win32.Malware.Jeefo infects exe and dll files.
tacindex=10
[Win32.Malwaredropper.Checkin]
content=Distributed through unsolicited installations.Runs in stealth.Downloads and installs various third party malware objects.
tacindex=7
[Win32.Mitglieder Trojan]
content=Trojan Horse
tacindex=8
[Win32.MMail.A]
content=Worm
tacindex=8
[Win32.MMail.B]
content=Worm
tacindex=8
[Win32.Mydoom.A]
content=Worm
tacindex=8
[Win32.MyDoom.P@mm]
content=Worm, distributed through P2P software
tacindex=8
[Win32.Narrator.Trojan]
content=Trojan Horse
tacindex=8
[Win32.Netlogon.A]
content=Trojan
tacindex=8
[Win32.Netsky.B]
content=No uninstaller. Installs and Operates in stealth. May cause Explorer instability.
tacindex=10
[Win32.Netsky.C]
content=No uninstaller. Installs and Operates in stealth. May cause Explorer instability.
tacindex=10
[Win32.Netsky.D]
content=No uninstaller. Installs and Operates in stealth. May cause Explorer instability.
tacindex=10
[win32.Nukers]
content=A program used to harm other computers over Internet and make them to crash or reboot.
tacindex=10
[Win32.Opanki]
content=An instant-messaging worm, attempts to spread via AIM.
tacindex=3
[Win32.P2P-Worm.Alcan.a]
content=P2P worm
tacindex=8
[Win32.Padobot]
content=Spybot
tacindex=6
[Win32.Perfiler]
content=Trojan Downloader
tacindex=8
[Win32.PSW.MSNFaker]
content=Keylogger/Password stealing trojan
tacindex=6
[Win32.PWSteal.Tarno]
content=Trojan Horse
tacindex=8
[Win32.RD-Bot Trojan]
content=Trojan Horse
tacindex=8
[Win32.Revop.Trojan]
content=Trojan Horse
tacindex=6
[Win32.Sasser]
content=Worm
tacindex=8
[Win32.SC.Keylog]
content=Keylogger. Operates in stealth.
tacindex=7
[Win32.Sced.Trojan]
content=Trojan Horse
tacindex=8
[Win32.SndMan]
content=No uninstaller. Installs and Operates in stealth. May cause browser instability.
tacindex=8
[Win32.Sober.A]
content=Worm
tacindex=8
[Win32.Spybot.B]
content=Worm
tacindex=8
[Win32.Spybot.C]
content=Worm
tacindex=8
[Win32.Spybot.worm]
content=Worm, distributed through P2P software
tacindex=8
[Win32.Spyware.Acoona]
content=Win32.Spyware.Acoona transmits all URL queries entered in internet explorer to a remote site.
tacindex=7
[Win32.SurNova.Worm]
content=P2P Vulnerability
tacindex=6
[Win32.Swen.A]
content=Worm
tacindex=8
[Win32.SymbOS.Cardblock]
content=Win32.SymbOS.Cardblock is a trojan. It affects symbian phones modell 60. It will try to change the password on the multimedia card.
tacindex=10
[Win32.Sysmon.Trojan]
content=Trojan Horse
tacindex=8
[Win32.Thunk]
content=Trojan Horse
tacindex=8
[Win32.Torvil]
content=Worm
tacindex=10
[Win32.Trojan.Agent.bi]
content=Allows remote access to infected computer, downloads code from the internet, deletes files and generally reduces system security
tacindex=6
[Win32.Trojan.Agent.cp]
content=downloads code from the internet, reduces system security, leaves non-infected files on computer
tacindex=6
[Win32.Trojan.Agent.cs]
content=allows others to access the computer, reduces system security
tacindex=6
[Win32.Trojan.Agent.em]
content=Trojan Agents can perform a multitude of malicious tasks such as keylogging, downloading and installing of software and making the system more vunerable to other threats
tacindex=6
[Win32.Trojan.Agent]
content=Win32.Trojan.Agent may download and install adware program(s) to the victim machine. May change configurations for Windows Explorer and for Windows interface.
tacindex=10
[Win32.Trojan.Bacros]
content=Trojan
tacindex=8
[Win32.Trojan.Bacteria]
content=Win32.Trojan.Bacteria is a worm that spreads through P2P or other file sharing networks. When it is executed an error message is presented to trick the user that the program don't work. It will create file in c:\ and add it self into the registry.
tacindex=10
[Win32.Trojan.Bube.k]
content=Virus / Trojan Horse. Changes browsing results. Drops additional applications. Causes unnecessary load on the computer.
tacindex=10
[Win32.Trojan.ByteVerify.A]
content=TrojanDropper.Exploits a vulnerability in the Java Virtual Machine.(For details see Microsoft Security Bulletin MS03-011 and download a patch)
tacindex=8
[Win32.Trojan.Chimo-B]
content=Connects to a remote system to transmit configuration data. The Trojan connects to a remote site and collects configuration data. Allows remote users send email through the infected computer.
tacindex=9
[Win32.Trojan.ComputerHijacker]
content=Win32.Trojan.ComputerHijacker is a virus that tries to Hijack your computer and force you pay to save the data.
tacindex=10
[Win32.Trojan.Crypt]
content=Trojan downloader
tacindex=10
[Win32.Trojan.Delf.cf]
content=trojan
tacindex=7
[Win32.Trojan.Delf.dq]
content=Trojan
tacindex=8
[Win32.Trojan.Delf]
content=Win32.Trojan.Delf is a keylogger and trojan.
tacindex=10
[Win32.Trojan.Delprot.a]
content=Trojan horse
tacindex=6
[Win32.Trojan.DesktopHijack]
content=modifies the home page and desktop settings on a compromised computer. Normaly droped by trojan downloaders.
tacindex=10
[Win32.Trojan.Dialer.ay]
content=A trojan dialer application
tacindex=10
[Win32.Trojan.Dialer.iy]
content=trojan dialer
tacindex=5
[win32.Trojan.Dnschanger]
content=Win32.Trojan.DNSChanger alters DNS name lookup results. It may be used for phishing and other malicious purposes. This trojan has been distributed by trojan downloaders.
tacindex=10
[Win32.Trojan.Downloader]
content=Win32.Trojan.Downloader is a generic family encompassing a large number of Trojan Downloaders / Dropper files and malicious changes made by such files. All content in this family is malicious and should be removed from your system.
tacindex=10
[Win32.Trojan.Fynben]
content=Trojan
tacindex=8
[Win32.Trojan.Gamania]
content=A trojan that passing referral ID to the various money making websites
tacindex=10
[Win32.Trojan.Gunbound]
content=Backdoor Trojan
tacindex=10
[Win32.Trojan.Hexdoor]
content=Win32.Trojan.Hexdoor is a malware downloader and backdoor program.
tacindex=10
[Win32.Trojan.Hpt.j]
content=Trojan Horse
tacindex=10
[Win32.Trojan.IZD]
content=Win32.Trojan.IZD is a trojan that installs a backdoor on the compromised system.
tacindex=10
[Win32.Trojan.Keylogger]
content=Generic Keylogger Family. All content detected as this family is highly malicious and should be removed from your system immediately
tacindex=10
[Win32.Trojan.KillAV]
content=Win32.Trojan.KillAV is a trojan that tries to terminate or even remove antivirus or firewalls on users computers
tacindex=10
[Win32.Trojan.Klone]
content=Installs new files and suspicious processes run in stealth for the user. License agreement and a functional uninstaller do not exist.
tacindex=3
[Win32.Trojan.Kolweb]
content=Virus
tacindex=10
[Win32.Trojan.Krepper]
content=Trojan
tacindex=7
[Win32.Trojan.LowZones.Aw]
content=Trojan Downloader. Lowers security settings for IE. Operates in stealth.
tacindex=7
[Win32.Trojan.LowZones.bc]
content=Win32.Trojan.LowZones.BC reduces security settings within Internet Explorer, adding known adware / malware sites to the trusted domains list. This allows non-consensual installation of software through the web browser.
tacindex=10
[Win32.Trojan.LowZones]
content=Win32.Trojan.LowZones.BC reduces security settings within Internet Explorer, adding known adware / malware sites to the trusted domains list. This allows non-consensual installation of software through the web browser.
tacindex=10
[Win32.Trojan.MatrisHasYou]
content=Win32.Trojan.MatrixHasYou is a set of downloaders, mail spam bot, rootkits, fake alerts and desktop Hijackers. It also downloads other Malware such as Pesttrap. After clearing with Adaware we strongly recommened you to seek further help at the Lavasoft Support forum, http://www.lavasoftsupport.com/
tacindex=10
[Win32.Trojan.MatrixHasYou]
content=Win32.Trojan.MatrixHasYou is a set of downloaders, mail spam bots, rootkits, fake alerts and desktop hijackers. It also downloads other malware such as Pesttrap. After clearing with Ad-Aware SE we strongly recommend you seek further help at the Lavasoft Support forum: http://www.lavasoftsupport.com/. We also recommend you to scan your computer with a antivirus program.
tacindex=10
[Win32.Trojan.Mirc]
content=A program that could be used as a trojan backdoor. Could connect to Mirc servers on the net and a person could controll our computer. Runs hided in the background.
tacindex=10
[Win32.Trojan.Pakes]
content=Win32.Trojan.Pakes is a backdoor program that allows a remote attacker to execute code on the infected system
tacindex=10
[Win32.Trojan.Post]
content=Trojan.
tacindex=7
[Win32.Trojan.Prorat-D]
content=Trojan horse, opens system vulnerability, gives attacker full control over system
tacindex=10
[Win32.Trojan.Puper.d]
content=Trojan
tacindex=6
[Win32.Trojan.Qhost]
content=Virus. Alters hosts-information
tacindex=10
[Win32.Trojan.Runner]
content=Win32.Trojan.Runner is used to let malicious programs run on the system.
tacindex=10
[Win32.Trojan.SARS]
content=Logs keystrokes, Steals credit card numbers, ftp, mail and web login accounts Alters the windows hostname file to prevent popular antivirus updates from executing
tacindex=10
[Win32.Trojan.SDBot]
content=Win32.Trojan.SDBot is a generic family of backdoors. It open access for a hacker thru a IRC channel to a compromised computer.
tacindex=10
[Win32.Trojan.SecuIndex]
content=Shows fake security warnings as a message box, icons in the system tray, in order to deceive users to download and install programs from possible malicous web sites
tacindex=5
[Win32.Trojan.Small]
content=Trojan
tacindex=7
[Win32.Trojan.Spambot]
content=A spambot that might operates in stealth. Normaly change the firewall settings to be able to be connected from internet to start mail attacs.
tacindex=10
[Win32.Trojan.Spy]
content=Trojan Backdoor "SubSeven"
tacindex=10
[Win32.Trojan.Starter]
content=Win32.Trojan.Starter installs by stealth, and may download spyware and adware to the system
tacindex=10
[Win32.Trojan.StartPage]
content=Win32.Trojan.StartPage is a trojan that change your startpage in IExplorer. It might download more unwanted program from Internet to your computer. Win32.Trojan.Startpage might be installed by other trojans.
tacindex=10
[Win32.Trojan.Zolker]
content=IE Browser Hijacker, Hijacks your startpage and pops up multiple advertisements ,creates a lot of desktop icons to porn etc.
tacindex=10
[Win32.TrojanClick.Spywad.b]
content=displays an HTML file that claims the system is infected with spyware, lures users to visit certain resources
tacindex=6
[Win32.TrojanClicker]
content=Trojan horse.
tacindex=10
[Win32.TrojanDowloader.Agent.jq]
content=TrojanDropper
tacindex=7
[Win32.TrojanDownloader.Access.A]
content=Trojan Downloader, operates in stealth, connects to remote system at random intervals to download additional components
tacindex=8
[Win32.TrojanDownloader.Access.B]
content=Trojan Downloader, operates in stealth, connects to remote system at random intervals to download additional components
tacindex=8
[Win32.TrojanDownloader.Adload]
content=Win32.TrojanDownloader.Adload is a Virus. It may download additional files and may also display ads.
tacindex=10
[Win32.TrojanDownloader.Agent.al]
content=TrojanDropper
tacindex=7
[Win32.TrojanDownloader.Agent.am]
content=Trojan downloader
tacindex=10
[Win32.TrojanDownloader.Agent.ap]
content=TrojanDropper
tacindex=7
[Win32.TrojanDownloader.Agent.Ay]
content=Downloads malicious software from the internet, operates in stealth, undisclosed installation.
tacindex=7
[Win32.TrojanDownloader.Agent.bq]
content=TrojanDownloader
tacindex=10
[Win32.TrojanDownloader.Agent.dc]
content=TrojanDropper
tacindex=7
[Win32.TrojanDownloader.Agent.De]
content=Downloads malicious software from the internet, operates in stealth, undisclosed installation.
tacindex=7
[Win32.TrojanDownloader.Agent.ih]
content=trojan dropper
tacindex=6
[Win32.TrojanDownloader.Agent]
content=trojan downloader
tacindex=10
[Win32.TrojanDownloader.Banload]
content=Win32.TrojanDownloader.Banload is downloading Win32.TrojanSpy.Bankers. The malicous downloaded files are running i stealth and waits for the user to login on a specific bank domain. When this happens it transmits banking information without the user's explicit permission.
tacindex=10
[Win32.TrojanDownloader.Cabdialer]
content=Trojan Downloader. Downloads various premium rate dialers. Operates in stealth.
tacindex=7
[Win32.TrojanDownloader.Centim]
content=Virus
tacindex=10
[Win32.TrojanDownloader.ConHook]
content=a trojan downloader, may responsible for installing variants of Vundo
tacindex=10
[Win32.TrojanDownloader.Delf]
content=Win32.TrojanDownloader.Delf installs itself in stealth, and may connect to various sites to download other viruses or malware to your system. This item should be removed from your system immediately.
tacindex=10
[Win32.TrojanDownloader.h]
content=Trojan Downloader, operates in stealth, connects to remote system at random intervals to download additional components
tacindex=8
[Win32.TrojanDownloader.IstBar.hg]
content=Win32.TrojanDownloader.IstBar.hg is a trojan downloader which can drop advertising content and other unwanted software on the affected system
tacindex=10
[Win32.TrojanDownloader.Lastad.h]
content=trojan downloader
tacindex=6
[Win32.TrojanDownloader.Lastad.n]
content=trojan downloader
tacindex=6
[Win32.TrojanDownloader.Lemmy]
content=Trojan downloader. Downloads and installs software in stealth.
tacindex=7
[Win32.TrojanDownloader.LookMe]
content=Trojan Downloader. Downloads malicious components from the Internet. Operates in stealth
tacindex=7
[Win32.TrojanDownloader.Qoologic]
content=Trojan downloader
tacindex=10
[Win32.TrojanDownloader.Small.aaq]
content=download a file from a remote website to winampa.exe in the c:\ folder, and then run it
tacindex=8
[Win32.TrojanDownloader.Small.abd]
content=a Windows downloader Trojan which attempts to download files from a remote website and run them
tacindex=8
[Win32.TrojanDownloader.Small.adg]
content=Trojan downloader, attempts to download and excute a file from www.amxgames.net to program files folder
tacindex=8
[Win32.TrojanDownloader.Small.aly]
content=a Windows downloader Trojan which attempts to download a file from a remote website and run it
tacindex=8
[Win32.TrojanDownloader.Small.awa]
content=TrojanDownloader. Downloads and installs malware and dubious software from vxiframe.biz. Runs completely in stealth. Disables taskmanager.
tacindex=10
[Win32.TrojanDownloader.Small]
content=Trojan downloader. Downloads and installs software in stealth.
tacindex=7
[Win32.TrojanDownloader.Swizzor.bo]
content=drops other malware, downloads code from the internet
tacindex=7
[Win32.TrojanDownloader.Swizzor.br]
content=Distributed through unsolicited installations. Runs in stealth. Downloads and installs various third party malware objects.
tacindex=8
[Win32.TrojanDownloader.Tibs]
content=this trojan program downloads files via the Internet without the user's knowledge/consent. It registries a file in the system registry to ensure the trojan program will be launched each time Windows is rebooted. In addition, this trojan will download, install other malicious on the victim machine.
tacindex=10
[Win32.TrojanDownloader.TSUpdate]
content=Trojan horse
tacindex=10
[Win32.TrojanDownloader.VB]
content=Trojan downloader. Retrieves and installs additional files.
tacindex=10
[Win32.TrojanDownloader.Wintrim]
content=A Trojan Downloader. Tries to circumvent security settings.
tacindex=10
[Win32.TrojanDownloader.Xuma.A]
content=Distributed through unsolicited installations.Runs in stealth.Downloads and installs various third party malware objects.
tacindex=7
[Win32.Trojandownloader.Zlob]
content=Win32.Trojandownloader.Zlob installs in stealth, opening backdoors on the computer and downloading other applications such as SpyAxe and other rogue anti-spyware software.
tacindex=10
[Win32.TrojanDropper.Pincher]
content=trojan horse, steals passwords and opens a back door on compromised computer
tacindex=8
[Win32.TrojanDropper]
content=Drops Trojan horses or Backdoor Trojans onto an infected computer.
tacindex=10
[Win32.TrojanDropper.Vidro]
content=Virus
tacindex=10
[Win32.TrojanProxy.Agent.dl]
content=downloads code from internet
tacindex=7
[Win32.TrojanProxy.Lamb]
content=Currently there is no more information about it. But it dropps files to the %windir%\system32 folder: actsetup.exe, actsie4.exe, gdb32.exe. Original file: winmain.exe
tacindex=6
[Win32.TrojanProxy.Mitglieder.bi]
content=Trojan horse, allows a compromised system to be used as an email relay, such as relay spam, terminates the processes associated with various antivirus and security
tacindex=7
[Win32.TrojanProxy.Mitglieder.dc]
content=Trojan horse, allows a compromised computer to be used as an email relay, attempt to steal email addresses and lower security settings
tacindex=7
[Win32.TrojanProxy.Small]
content=Trojan. Opens vulnerabilties/allowes remote control.
tacindex=7
[Win32.Trojan-PSW.Lineage]
content=Virus, steals passwords
tacindex=10
[Win32.Trojan-PSW.Sinowal]
content=It is PSW trojan which steals passwords, normally system passwords from victim machines
tacindex=10
[Win32.TrojanPWS.LdPinch]
content=Win32.TrojanPWS.LdPinch is a trojan that will run in the background and monitor the user while surfing. It will also try to steal passwords from different kinds of messengers and ftp programs. Stolen information is sent back using either email or http traffic.
tacindex=10
[Win32.TrojanPWS.OnlineGames]
content=Win32.TrojanPWS.OnlineGames is a trojan that focus mainly on stealing login information for online games by monotoring keystrokes and sending them to a remote host.
tacindex=10
[Win32.TrojanPWS.QQPass]
content=Win32.TrojanPWS.QQPass is a password stealing trojan that hooks itself into the system.
tacindex=10
[Win32.TrojanSpy.Bancos]
content=Win32 Virus
tacindex=10
[Win32.TrojanSpy.Banker]
content=The banker trojans focus on stealing information related to online banking; passwords, PIN codes, and other related information. This family receives a 10, the highest threat level on the Lavasoft TAC index
tacindex=10
[Win32.TrojanSpy.Goldun]
content=Win32.TrojanSpy.Goldun is a virus spyware.
tacindex=10
[Win32.TrojanSpy.Small.ak]
content=Steals information
tacindex=7
[Win32.TrojanSpy.Small]
content=a spyware trojan, sends out information from compromised computer without the user's knowledge or permission
tacindex=10
[Win32.Turown.h]
content=Trojan Downloader
tacindex=6
[Win32.Welchia.B]
content=Worm
tacindex=8
[Win32.Welchia]
content=Worm
tacindex=8
[Win32.Win9x.CIH]
content=Win32.Win9x.CIH is a memory resident win9x virus that infects Windows executable files.
tacindex=10
[Win32.Winshow]
content=Generic browser hijacker. Opens unsolicited websites, hijacks IE home+search pages.prevents manual removal
tacindex=7
[Win32.Wintrim.Trojan.B]
content=Trojan\Malware Dropper. Installs unsolicited, downloads various malware.
tacindex=7
[Win32.Worm.Agobot.E]
content=Worm, Operates in Stealth
tacindex=5
[Win32.Worm.Hotlix]
content=Win32.Worm.Hotlix is a MSN password stealing trojan. The trojan will trick the user with a false error messeage to enter the password to the trojan.
tacindex=10
[Win32.Worm.MSNMaker]
content=Win32.Worm.MSNMaker is a worm that spreads through MSN by sending links to all MSN contacts on the compromised computer. The links point to malicious files used to compromise more computers.
tacindex=10
[Win32.Worm.Tibick]
content=Win32.Worm.Tibick doesnt do much damage to the host computer, but has an internal IRC client that it uses to distribute itself on to other users.
tacindex=10
[Win32.Worm.Warezov]
content=Win32.Worm.Warezov is a worm that spreads through e-mail. When infecting a new computer it will scan it for e-mail addresses and then mail itself to those addresses. It may also alternate your host file to block you from accessing certain web sites.
tacindex=10
[Win32.Worm.Viking]
content=Win32.Worm.Viking injects itself into system processes and attempts to spread using Windows RPC service
tacindex=10
[WinAD]
content=WNAD Ad Client. TwistedHumor.
tacindex=7
[WinAntiSpyware]
content=WinAntiSpyware is another incarnation of the Winfixer software. Similar in appearance, function, and also coming from the same IP address as Winfixer; this software has been reported to be force installed and/or use aggressive and misleading advertising to persuade the user into installing it.
tacindex=10
[WinAntiVirusPro]
content=WinAntiVirusPro is a rogue anti-errorware that trick the user into buying the commercial version. WinAntiVirusPro's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by trojans, that scare / trick the user into clicking yes.
tacindex=10
[Windows]
content=General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.
tacindex=3
[WindUpdates.MediaPass]
content=Installs through Active-X and displays targeted advertisements
tacindex=3
[WindUpdates]
content=Dataminer, Installs unsolicited (bundeled), tracks browser usage, installs and transmits an unique ID.
tacindex=8
[WinFavorites]
content=No uninstaller. Opens unsolicited websites.
tacindex=6
[WinFixer]
content=Winfixer is a rogue anti-errorware that uses false positives to trick the user into buying the commercial version. Winfixer's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by trojans, that scare / trick the user into clicking yes. Attempts to close install dialogues are recursive; they simply pop-up when clicking cancel. Uninstalling and restarting leads to the installer being run again at reboot. Winfixer is closely associated to the Vundo trojan, which tightly integrates into the operating system which could lead to system instability.
tacindex=10
[WinHound]
content=It claims to be a genuine anti-spyware program but give exaggerated reports of threats on the computer to attract the user to purchase a registered version; it belongs to the same company as AlfaCleaner.
tacindex=3
[Wink]
content=Opens unsolicited websites/pop up windows. Generic Dialer
tacindex=5
[WinLocator BHO]
content=Browser Hijacker.
tacindex=5
[WinlogonEXE]
content=Browser Hijacker.
tacindex=5
[WinManage]
content=No uninstaller. Operates in stealth.
tacindex=4
[WinpcNOW]
content=No uninstaller. Opens unsolicited websites.
tacindex=4
[WinPopup]
content=Opens unsolicited websites/pop up windows. May cause Explorer instability.
tacindex=6
[Winpup32]
content=Opens unsolicited websites/pop up windows. May cause browser instability. No uninstaller.
tacindex=6
[WinRes Hijacker]
content=Cannot browse in Internet Explorer after installation. Browser Hijacker.
tacindex=8
[VirtualBouncer]
content=Bundled install that is undisclosed. Opens unsolicited websites.
tacindex=5
[Virtumonde]
content=No uninstaller. Bundled install that is undisclosed. May cause system instability. Auto updates. Opens unsolicited websites. There is a Virtumonde removal tool available at http://www.lavasoft.com/download for the variants which cannot easily be removed
tacindex=10
[VirusBlast]
content=VirusBlast is a rogue anti-errorware that trick the user into buying the commercial version. VirusBlast's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by trojans, that scare / trick the user into clicking yes.
tacindex=3
[VirusBurst]
content=VirusBurst is a rogue anti-errorware that trick the user into buying the commercial version. VirusBurst's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by trojans, that scare / trick the user into clicking yes.
tacindex=3
[Virusek Hijacker]
content=Trojan. Operates in stealth.
tacindex=3
[WishBone-Toolbar]
content=Marketed as a pop up blocker. Tracks browser and search use. Displays ads in the toolbar.
tacindex=5
[Visicom Media]
content=Browser Hijacker.
tacindex=3
[VisuExplorer]
content=Visual Explorer toolbar component
tacindex=5
[VitaTrade]
content=Generic Dialer.
tacindex=5
[VividGal]
content=Porn Dialer.
tacindex=5
[Vizu.langochat]
content=No uninstaller. Operates in stealth. May cause Explorer instability.
tacindex=6
[VoiceGlo]
content=No uninstaller. Installs by use of ActiveX
tacindex=3
[VoiceIP]
content=Operates in stealth, Automatically checks for updates, Contains code for malicious upgrades, References to CoolWebSearch
tacindex=8
[WonderGate]
content=No uninstaller. Installs by use of ActiveX.
tacindex=5
[Voonda Toolbar]
content=adds a toolbar into the Internet Explorer
tacindex=3
[WordsText]
content=IE Hijacker, BrowserHelper Object.Installed undisclosed by various malware-downloaders.Tracks keywords.
tacindex=7
[World Wide WebMarketing]
content=Generic Dialer.
tacindex=5
[Worm.P2P.SdDrop.c]
content=Worm
tacindex=8
[Wotch.Mediaman]
content=Opens unsolicited websites/pop up windows
tacindex=3
[WurldMedia]
content=Thiefware. Redirects the browser to their affilates sites when the user makes a purchase.
tacindex=9
[VX2]
content=Malware. Causes Popups and may install unsolicited software.
tacindex=10
[xirc.darkwarez]
content=Trojan Horse
tacindex=5
[Xupiter]
content=Installed by ActiveX drive by download. Browser/searchengine hijacker. Causes (porn related) pop unders.
tacindex=8
[XXOR]
content=n/a
tacindex=5
[YellowPages]
content=A browser helper object, bundled with 3rd party applications, which delivers ads to the client machine. No apparent EULA or privacy policy
tacindex=3
[Yok Toolbar]
content=Yok Toolbar is a Chinese searching assistant application, it can switch search engines from google, baidu to yahoo, zhongsou and other search engines. The major problems of this application:there is no EULA, no privacy policy; install without users' consent.
tacindex=5
[YourSiteBar]
content=IEHiacker, distributed through undisclosed installations, some variants dropped by Favoriteman
tacindex=6
[Zango]
content=Connects to a remote system with or without the user's awareness to transmit and receives information. Tracks user's surfing habits.
tacindex=4
[ZapSpot]
content=Tracks users browsers, displays ads. Older versions contain EverAd Ad client component.
tacindex=5
[ZaZZeR]
content=No uninstaller. Operates in stealth. Opens unsolicited websites.
tacindex=6
[ZeroPopUp]
content=Internet Explorer toolbar with a pop-up blocking feature, which also hijacks homepage and search settings. Also known as ZeroPopUpBar. *Note not affilliated with "ZeroPopup" by "Tooto Technologies".
tacindex=6
[ZipclixToolbar]
content=Browser Hijacker, adds a Toolbar into the Internet Explorer.
tacindex=3
[ZippyToolbar]
content=Browser Hijacker. No uninstaller or EULA.
tacindex=8
[znzz.iexplore]
content=No uninstaller. Installs and Operates in stealth.
tacindex=8
[Zoombar]
content=Zoombar is a Browser Hijacker that redirects your browsing when you enter a URL (internet address) to navigate to. Zoombar installs unsolicited and connects to remote systems without user consent to transmit information for advertising purposes
tacindex=5
[Zorg.Goldxsites]
content=Browser Hijacker
tacindex=6
[ZSearch]
content=Browser Hijacker.
tacindex=5
[ZSites]
content=n/a
tacindex=5
[ZToolbar]
content=BHO Toolbar, ZToolbar gets dropped by dropper.
tacindex=10
[Zupex]
content=No uninstaller. Operates in stealth.
tacindex=6
[Zuvio.com]
content=Browser Hijacker.
tacindex=3
[ZyncosMark]
content=Opens unsolicited websites/pop up windows


and that's all there is. Hope this is helpful

#6 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 31 January 2007 - 02:30 AM

...
...
...
[180Solutions]
content=Installs and operates in stealth. Opens pop up windows. Also named 180SearchAssistant
tacindex=4
[2020Search]
content=Malware, Hijacker
tacindex=4
[2-seek Toolbar]
content=Browser Toolbar with no EULA and incomplete uninstaller
tacindex=3
...
...
...
[ABetterInternet.Aurora]
content=Transponder (VX2)-stuff
tacindex=10
[ABetterInternet.Nail]
content=ABetterInternet.Nail, previously known as VX2, is a component of Direct Revenue's Aurora. Nail can integrate tightly with the operating system and may require a removal tool to be run to completely eliminate it. Lavasoft provides the VX2 Cleaner for this purpose, which can be found at http://www.lavasoft.com/download
tacindex=5
...
...
...
...
[WallaBar]
content=Browser Hijacker.
tacindex=5
...
...
...
...
[WebDialer]
content=Porn dialer.
tacindex=5
[WebHancer]
content=Installs a LSP (Hooks into winsock) all packets are passed through WebHancer.
tacindex=9
...
...
...
...
[Zuvio.com]
content=Browser Hijacker.
tacindex=3
[ZyncosMark]
content=Opens unsolicited websites/pop up windows
and that's all there is. Hope this is helpful

You just posted the descriptions for all the things that ad-aware detects... Why??

#7 simon1

simon1

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 31 January 2007 - 04:32 AM

Hello - thank you for your reply. Your question as to why I posted the adaware information - was uncertain whether it was something that was necessary. I apologize as I now realize that the only thing which you would have needed was the top portion which indicated that there was no malware. Again my apologies.

#8 simon1

simon1

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 03 February 2007 - 09:38 PM

My question is if HKEY_USERS\S-1-5-21-3601647582-471559409-1189122813-1005 appears in the MRU listings as spyware - can I safely delete all the file references in regedit? Please advise.

#9 Ai_Tak

Ai_Tak

    Advanced Member

  • Members
  • PipPipPip
  • 1372 posts

Posted 08 February 2007 - 04:12 AM

MRU (most recently used) are irrelevent, uncheck detection for them and don't bother with them.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users