Privacy=Do you collect personally identifiable information on people who simply visit your sites while web-surfing?%0D0ANo. We only collect personally-identifiable information when people voluntarily provide such information, such as when they sign up for a service or promotional event. For web-surfers who simply visit our sites, or click onto banner ads, we collect anonymous Click Stream Data that permits us to provide better, targeted advertising messages.%0D%0A%0D%0AWhat is Click Stream Data?%0D%0AClick Stream Data is anonymous information on a web surfer, such as a web surfer's IP address, web pages which have been viewed by a surfer, date and time, domain type, and responses to advertisements.
Description=I wonÆt call a saved IP in combination with a log of visited web pages anonymous!
EditDate=20021020
SalisburyID=60
[Avenue A, Inc.]
Company=Avenue A, Inc.
Product=Cookie
Threat=Tracking cookie or cookie of tracking site
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=They say they no longer do tracking.
EditDate=20021020
SalisburyID=61
[ClickFinders]
Company=ClickFinders
Product=Cookie
Threat=Tracking cookie or cookie of tracking site
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Their cookie itself is a tracking cookie.
Privacy=What We Collect and How We Use It%0D%0AFrom our Web site visitors:%0D%0AUnless you elect to Opt-out of Tracking, Coremetrics collects non-personally identifiable information about you when you visit this site including information such as your IP address, the type of browser you are using and when you visited the site. We will also collect your personally identifiable information (PII) that you volunteer in emails or on any of our forms, such as name, address, telephone number, e-mail address, company information and resume information. Coremetrics may use this information so that you receive the content and information you request and/or would require, for our own marketing purposes or to consider your application for a position with Coremetrics.[...]
Description=Relatively harmless until you enter your data into their forms.
Privacy=No personal information is used by DoubleClick to deliver Internet ads.%0D%0ADoubleClick does not use your name, address, email address, or phone number to deliver Internet ads. DoubleClick does use information about your browser and web surfing to determine which ads to show your browser.
Description=Uses information about your web surfing that could include any information, like accounts and passwords.
Privacy=What anonymous information is collected on this site?%0D%0AAnonymous clickstream information is collected for every visitor to this site. This includes pages viewed, date and time, and browser type. [à]%0D%0A%0D%0AHow does this site use cookies?%0D%0AEngage uses cookies to identify your browser as you visit pages on the Engage site or sites in the Engage media network. Cookies allow Engage to gather anonymous clickstream information. Cookies also allow Engage to provide more relevant, targeted advertising as you travel through sites in the Engage media network.
Description=Targeted advertisemnt. Fair enough, they state the donÆt keep the recorded IP. But they donÆt need to if they save an unique ID in their cookie.
Privacy=Cookies%0D%0AA cookie is a small text file that a Web site can store on a user's PC on a temporary or a permanent basis. The cookie set by Enliven when an advertisement is served to your computer contains only an anonymous, randomly generated unique identification number. Cookies by themselves (and especially those containing only anonymous ID numbers) cannot be used to find out the identity of any user.%0D%0AAt the point of getting a request for an ad from the Web page a user visits, Enliven collects the following data related to the current advertising transaction: IP address, Enliven cookie number, the Web page from which the ad is requested, Search Terms (if in a search context), Browser type, and Operating System type. [à] We will update this privacy policy if our data collection and usage practices ever change.
Description=A unique number and the IP would be enough for me to call it tracking; but to also save search terms is even worse.
Privacy=We may use cookies to:%0D%0AKeep count of your return visits to our site or our clients' sites %0D%0AAccumulate and report anonymous, aggregate, statistical information on Web site usage %0D%0ADeliver content specific to your interests
Description=How do they want to deliver specific content, if not by watching my surfing behaviour?
Privacy=Cookies assist Commission Junction in tracking Internet Users' activities beginning from a Publisher's web site or subscription e-mail through an Advertiser's web site that the Internet User links to from the Publisher's site or e-mail.%0D%0ACommission Junction uses anonymous user data to create and report the browsing, purchasing and/or lead form completion activities of anonymous users.
Privacy=Keep count of your return visits to our site or our clients' sites,deliver content specific to your interests,save your password so you don't have to re-enter it each time you visit our sites.
Privacy=These companies may use information (not including your name, address, e-mail address or telephone number) about your visits to this and other Web sites to provide advertisements about goods or services that may be of interest to you.
Description=This is a cookie storing the user's ip-address.
[Action Liveshow Showtime]
Company=
Product=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=69
[BillByCall]
Company=TELEACTION Services GmbH
Product=
Threat=Dialer
CompanyURL=http://www.billbycall.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
XBlockID=404
EditDate=20021020
SalisburyID=70
[WebDialer]
Company=
Product=WebDialer aka DialerFactory aka HighSpeed
Threat=Dialer
CompanyURL=http://www.dialerfactory.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Dialer for Germany, Switzerland, Austria, Belgium, Canada, China, Czech Republic, Denmark, Egypt, Spain, Finland, France, Greece, Netherlands, Hongkong, Morocco, India, Ireland, Italia, Japan, Norway, Poland, Russian Federation, Sweden, Turkey, United Kingdom, USA, Venezuella
Functionality=Dialer for Germany, Austria, Switzerland, UK, Netherlands, Spain, Australia, Sweden, Norway, Danmark, Belgium, Italy, Ireland, Greece, Hongkong, Japan
Privacy=
Description=No real privacy policy, EULA is in german. Links to this dialer get sent as unrequested spam. Owner threatened to sue for molestation after asking him by mail to stop spam.
Description=Adds RAS phonebook entry and sets it as default. No real privacy policy, EULA is in german. Links to this dialer get sent as unrequested spam. Owner threatened to sue for molestation after asking him by mail to stop spam.
EditDate=20021020
SalisburyID=81
[Aconti]
Product=Aconti
Company=A Lifestyle GmbH
Threat=Dialer
CompanyURL=http://www.aconti.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It dials up a toll number without user consent.
[InterFun]
Company=
Product=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Dialer, some about Ç 50 per call.
Privacy=
Description=Upon clicking 'enter', a window is opened saying 'opening website', while in the background the connection is made.
Description=Tested installer tries to cloak file extension - is labeled scene1.part2.mpeg.exe. Seems to be based on X-Diver. Dial in is up to Ç 300 (above installer for 'Soft Teens') !!!
Description=Dialer for Australia, Austria, Belgium, Germany, Greece, Italy, Luxembourg, Netherlands, Spain, Switzerland, United Kingdom, Finland, Singapore, Ireland, Jordan, Kenya, South Africa, Morocco, Pakistan, Cyprus, Denmark, Kazakstan, Portugal. Does also try to connect to the internet. Runs blindly in the background even if exited.
EditDate=20021020
SalisburyID=92
[EroStars]
Company=Flexcall Medien, Inh. Oliver Penzel
Threat=Dialer
CompanyURL=http://www.partnerprogramme-erotik.de/
Function=Seems to be branch of Hacker.ag or vice versa
Description=Dialer for Germany, Austria, Switzerland, Italy, UK, Spain, Belgium, Netherlands, Greece, Finland, Japan, USA
EditDate=20021020
SalisburyID=93
[RatedXXX]
Threat=Dialer
Description=Dialer for New Zealand (also international calls to NZ), also hijacker of IE start page.
EditDate=20021020
SalisburyID=94
[Huysuzseks]
Threat=Dialer
CompanyProductURL=http://www.turkhatun.com/
Description=Dialer for Australia, Austria, Belgium, Germany, Greece, Italy, Netherlands, Spain, Switzerland, Turkey, UK, US
EditDate=20021020
SalisburyID=95
[PCFun]
Threat=Dialer
Description=Dialer for Italy
EditDate=20021020
SalisburyID=96
[TeenXXX]
Threat=Dialer
Description=Dialer for US, UK, Germany, Netherlands, France, Italy, Albania, Algeria, Anguilla, Argentinia, Australia, Austria, Bahamas, Bangladesh, Barbados, Belgium, Benin, Bermuda, Bosnia & Herzegovina, Brazil, British Virgin Islands, Bulgaria, Burkina Faso, Cameroon, Canada, Chile, China (PRC), Colombia, Congo Republic (formerly Zaire), Cook Islands, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Djibouti, Dominica, Dominican Republic, Egypt, El Salvador, Ethiopia, Faerie Islands, Falkland Islands, Finland, Gabon, Gambia, Gibraltar, Greece, Greenland, Grenada, Guam, Guatemala, Guinea (PRP), Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Israel, Ivory Coast (Cote d'lvoire), Jamaica, Japan, Jordan, Kenya, Korea (South), Kuwait, Lebanon, Lesotho, Liberia, Lybia, Luxembourg, Macau, Madagascar, Malawi, Malaysia, Mali Republic, Malta, Mauritania, Mexico, Montserrat, Morocco, Namibia, Nevis, New Zealand, Nicaragua, Niger, Nigeria, Norway, Oman, Pakistan, Panama, Papua New Guinea, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Russia, Rwanda, St Kitts/Nevis, St Lucia, St Vincent & Grenadines, Saudi Arabia, Senegal, Seychelles Islands, Singapore, Slovak Republic, Slovenia, South Africa, Spain, Sri Lanka, Sudan, Suriname, Sweden, Switzerland, Syria, Taiwan, Thailand, Togo, Tongo Islands, Trinidad & Tobago, Tunisia, Turkey, United Arab Emirates, US Virgin Islands, Uruguay, Venezuela, Yugoslavia, Zambia, Zimbabwe
EditDate=20021020
SalisburyID=97
[eCommerce]
Threat=Dialer
Description=Dialer for Afghanistan, Albania, Algeria, American Samoa, Andorra, Angola, Anguilla, Antigua and Barbuda, Argentina, Armenia, Aruba, Australia, Austra, Bahamas, Barbados, Belarus, Belgium, Belize, Benin, Bermuda, Bolivia, Botswana, Brazil, Brith Virgin Islands, Brunei, Bulgaria, Burkina Faso, Burund, Cambodia, Cameroon, Canada, Cape Verde, Cayman Islands, Central African Republic, Chad, Chile, China, Colombia, Comoros, Congo, Cook Islands, Costa Rica, Croatia, Cuba, Cyprus, Czech Republic, Denmark, Djibouti, Dominica, Dominican Republic, East Timor, Ecuador, Egypt, El Salvador, Equatorial Guinea, Eritrea, Estonia, Ethiopia, Falkland Islands, Faroe Islands, Fiji, Finland, France, French Guinea, French Polynesia, Gabon, Gambia, Germany, Ghana, Gibraltar, Greece, Greenland, Grenada, Guadeloupe, Guam, Guatemala, Guinea, Guinea-Bissau, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Israel, Italy, Ivory Coast, Jamaica, Japan, Kazakhstan, Kenya, Kiribati, Korea (North), Korea (South), Kuwait, Latvia, Lesotho, Liberia, Lybia, Liechtenstein, Lithuania, Luxembourg, Macau, Madagascar, Malawi, Malaysia, Maldives, Mali, Malta, Marshall Islands, Martinique, Mauritania, Mauritius, Mexico, Moldovo, Monaco, Montserrat, Morocco, Mozambique, Myanmar, Namibia, Nauru, Netherlands, Netherlands Antilles, New Caledonia, New Zealand, Nicaragua, Niger, Nigeria, Niue, Northern Mariana, Norway, Pakistan, Palau, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Reunion, Romania, Russia, Rwanda, St Kitts/Nevis, St Lucia, Samoa, San Marino, Sao Tome and Principe, Saudi Arabia, Senegal, Seychelles, Singapore, Slovakia, Slovenia, Somalia, South Africa, Spain, Sri Lanka, St. Helena, Sudan, Suriname, Sweden, Switzerland, Taiwan, Tajikistan, Tanzania, Thailand, Togo, Tokelau, Tonga, Trinidad & Tobago, Tunisia, Turkey, Tuvalu, Uganda, Ukraine, United Arab Emirates, UK, US, Uruguay, Vanuatu, Vatican City, Venezuela, Vietnam, Virgins Islands, Wallis and Futuna Island, Yugoslavia, Zaire, Zambia, Zimbabwe, Zolo
EditDate=20021020
SalisburyID=98
[TIBS]
Product=TIBS
Company=Tib Systems
Threat=Dialer
CompanyURL=http://www.tibsystems.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=TIBS is a content dialer.
Privacy=
Description=Due to required information not stated and illegal installation practices, like .chm exploit this dialer is to be considered illegal. Also, additional software may be installed prior to installation of a TIBS dialer without user consent.
[00SyncNet]
Threat=Dialer
EditDate=20021020
SalisburyID=100
[GoInDirect]
Threat=Dialer
Description=Dialer for Argentinia, Australia, Austria, Belgum, Bolivia, Brazil, Bulgaria, Canada, Chile, China, Colombia, Croatia, Cyprus, Czech Republic, Denmark, Ecuador, Egypt, Finland, France, Germany, Greece, Honduras, Hong Kong, Hungary, India, Indonesia, Ireland, Israel, Italy, Japan, Jordan,Korea, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Panama, Paragguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Romania, Russia, Saudi Arabia, Singapore, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Ukraine, United Kingdom, Uruguay, Venzuela, Vietnum, Yugoslavia.%0D%0AShows fees only for countries where required.
Company=GoInDirect, 91 Rylander Boulevard Unit 7-240 Toronto Ontario M1B 5M5
Description=Dialer for Germany, Austria, Australia, Spain, Switzerland, USA, Luxembourgh. Comes from a Quiz site. More info in german: http://www.trojaner-info.de/news/dialer_millionengewinnspiel.shtml
Privacy="The connection to the Quiz server will be established on a secure internet connection. Your current line will be disconnected and a new connection will be made. This will be done completely without any troubles for you. For this connection, you'll be charged 1,86Ç by the Deutsche Telekom AG per minute on your next bill. This connection guarantees a fast and save play."
EditDate=20021027
SalisburyID=102
[Casino]
Threat=Dialer
Description=Dialer offering Casino access, violating german law by not telling it will close connection and open it's own. Secretely installs additional code.
EditDate=20021027
SalisburyID=103
[WebInstall]
Threat=Dialer/Hijacker
Company=Multiples, for example: Fussan Internetdienstleistungen
CompanyProductURL=http://www.steffi.cc/
Description=Dialer cloaked as 'Multimedia update' to view webcam pictures. No hint at the dialer functionality.
Threat=Dialer
EditDate=20021108
SalisburyID=104
[eConnect]
CompanyURL=http://cons.xrenoder.com/
CompanyProductURL=http://freehqmovies.com/
Description=Uninstaller available at http://econnect.libereco.com/uninstall/uninstall.exe
Threat=Dialer
Editate=20021109
SalisburyID=105
[MoneyTree]
CompanyProductURL=http://www.bobbiespage.com/
Description=Page installs multiple dialers. Adds itself to the list of trusted publishers. Could be a Central24 dialer because its certificate contains reference to Central24.
Description=The targeted dialer product is advertised in spam mail. Mail tells reader that 'Claudia' would commit suicide if the user doesn't dial in.
Privacy=[translated from german:]%0d%0Aº3.1: The webmaster may advertise as much as he wants according to his own ideas. Only the webmaster is responsible for the statements in this advertisement.[...]%0D%0Aº3.3: The webmaster agrees to keep IBS AG free of all disadvantages that could result through his bad behaviour.
Description=Seems to be very much the same as StarLux
SalisburyID=109
[CodeWeb]
Threat=Dialer
EditDate=20021120
Privacy="If you are of age only. NO VIRUS FOUND. The web site contains EROTIC LIVE WEBCAMS, PHOTOS, HARD MOVIES, MESSAGES AND VIDEO MESSAGES for adults only. If you click on Yes, the program disconnects you from your current provider and connects you again through a service that costs 2 EUR + IVA (2,4 EUR altogether) for minute, setting that as default connection. Please, use this connection to reach our services only. By making easier the access to the restricted area, the program sets that of the restricted area as start page. If you agree with the terms of use, IF YOU ARE OF AGE AND WANT TO SEE PORNOGRAPHIC STUFF, CLICK ON YES"
Description=Deletes its download file after installation
SalisburyID=118
[Dialler]
Threat=Dialer
EditDate=20030106
CompanyProductURL=http://powerdialler.com/
SalisburyID=119
[MasterConnector]
Threat=Dialer
EditDate=20020215
Company=Firstway Medien GmbH
Description=Dialup fee 59 Euro.
SalisburyID=278
[AllCyberSearch]
Company=Unknown
Product=AllCyberSearch
Threat=Browser hijacker
CompanyURL=http://www.allcybersearch.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Redirects IE standard search pages to the AllCyberSearch search page. Same Family as EzCyberSearch and GoCyberSearch (which is also listed as AllCyberSearch). Includes also TinyBar which seems to be the same page.
Privacy=Couldn't find a privacy statement
Description=There is no privavy statement on their website, so nobody knows what data they collect and what they use it for.
EditDate=20021020
SalisburyID=26
[GoCyberSearch]
Company=Unknown
Product=GoCyberSearch
Threat=Browser hijacker
CompanyURL=http://www.gocybersearch.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Couldn't find a privacy statement
Description=There is no privavy statement on their website, so nobody knows what data they collect and what they use it for. The list of keywords is unprotected at http://www.gocybersearch.com/searchbar/log-clicks-bar.csv . The same directory also contains some scripts giving statistics to everyone who wants to look at them.
EditDate=20021020
SalisburyID=27
[Cool-XXX]
Company=
Product=Cool-XXX
Threat=Browser hijacker
CompanyURL=http://www.cool-xxx.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=28
[Duolaimi]
Company=
Product=
Threat=(Unverified) Browser hijacker
CompanyURL=http://www.duolaimi.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=According to the CEXX forum, resets start page to use duolaimi.net as a forwarder to the real start page, and locks the start page settings. Clicking on a category on duolaimi.net also opens a hidden window doing some very memory-intensive script operations.
Description=Sets IE start page, uses an unidentified ActiveX component to uninstall settings.
EditDate=20021020
SalisburyID=30
[PassThisOn]
Company=
Product=
Threat=Browser hijacker
CompanyURL=http://www.passthison.com/
CompanyProductURL=
CompanyPrivacyURL=http://www.passthison.com/
Functionality=
Privacy=
Description=Asks you continously to set your IE start page. More info at http://news.com.com/2100-1023-253074.html?legacy=cnet
EditDate=20021020
SalisburyID=31
[RocketSearch]
Company=
Product=
Threat=Browser hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Asks to be set as start page when visiting http://www.netperception.com/ , currently for sale.
EditDate=20021020
SalisburyID=32
[UnderageHost]
Company=
Product=
Threat=Browser hijacker
CompanyURL=
CompanyProductURL=http://www.loading-lolita.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Silently sets itself as IE start- and search pages (furthermore done by a file on every system start), and adds some favourites. Anyone visiting the site that installs it is sick!
EditDate=20021020
SalisburyID=33
[SuperSexPass]
Company=
Product=
Threat=(Unverified) Browser hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Redirects MSN search for URLs that could not be resolved.
EditDate=20021020
SalisburyID=34
[NetzAny]
Company=
Product=NetzAny
Threat=Browser Hijacker
CompanyURL=http://www.netzany.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=35
[FindTheWebsiteYouNeed]
Company=FindTheWebsiteYouNeed
Product=FindTheWebsiteYouNeed
Threat=Browser Hijacker
CompanyURL=http://www.findthewebsiteyouneed.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Seems to install using some exploit - user doesn't get asked, but on next IE start, start & search pages are set.
Privacy=From the License Agreement:%0D%0A"You are in full agreement that to gather the information necessary to provide our Information service requires our Software to gather URL and duration information of all web sites visits by the person using your computer while browsing the Internet. This information is then transferred to our database in order to provide you and other users with our 7FaSSt Search (tm) traffic reports. You are in full agreement to the transfer of any and all information necessary to provide the 7FaSSt Search(tm) services to others."
Description=Storing the tracked data in a database is bad enough, but what is meant by the last sentence? Transfer of all data to make the search engine services available to /others/?.%0D%0AAfter installation, the user is asked to enter user name and email address as if that would be necessary for use.
EditDate=20021020
SalisburyID=37
[CnsMin]
Threat=Trojan
CompanyURL=http://www.3721.com/
Description=Parts of this are optional for intallation along with YiSou Toolbar but other parts - which are not mentioned prior to installation - are getting downloaded , installed and executed without any explicit user consent nor notification.%0D%0AThe program also adds itself to system startup. After uninstalling YiSou Toolbar CnsMin still remains on system.
EditDate=20021020
SalisburyID=38
[System1060]
Threat=Browser hijacker
Description=Set of files that do everything to appear as system files. Named taskmgr.exe and twunk_64.exe, both even have the original Microsoft description in their properties, but they don't have the original functionality. Instead, they begin phoning home on system start.
EditDate=20021020
SalisburyID=39
[Xupiter]
Threat=Browser hijacker/BHO
Description=A hijacker that comes with it's own IE toolbar.
CompanyURL=http://www.xupiter.com/
CompanyProductURL=http://www.xupiter.com/
EditDate=20021020
SalisburyID=40
[RapidBlaster]
Threat=BHO
Functionality=Offers porn
Description=Runs in background and connects in short intervals to the internet.
Privacy=For your convenience, Rapid Blaster auto installs new versions of the download to ensure your software is working to its highest capacity.%0D%0ARapid Blaster is not responsible for the privacy policies or the content of websites that are using the Rapid blaster.%0D%0ARapid Blaster reserves the right to modify this Privacy Policy, as well as the other Terms of Use, from time to time, without notice.
SalisburyID=41
[SearchAndBrowse]
Threat=BHO/Hijacker
Company=WebEnhancement Corp.
companyURL=http://www.searchandbrowse.com/
CompanyProductURL=http://www.gtawarehouse.com/
Description=Installs a new toolbar upon leaving page. %0D%0ASee more information here: http://and.doxdesk.com/parasite/SearchAndBrowse.html
Description=The browser start page gets reset to this page if you install Ultimate Popup Killer from their homepage for free. To get rid of it, you have to uninstall Ultimate Popup Killer.
EditDate=20021109
SalisburyID=44
[FreeHQMovies]
EditDate=20021109
CompanyProductURL=http://www.freehqmovies.com/
Description=Pages installs dialer and hijacks IE to itself.
SalisburyID=45
[Jethomepage]
EditDate=20021113
Threat=Hijacker
CompanyURL=http://www.jethomepage.com/
Privacy=No privacy policy
SalisburyID=46
[PlanColumbia]
Threat=Hijacker
EditDate=20021113
Description=Replaces startup and shutdown screen. See additional information here:%0D%0Ahttp://www.symantec.com/avcenter/venc/data/vbs.plan.a.html
SalisburyID=47
[StartSurfing]
EditDate=20021114
Functionality=Popup blocker.
Description=Blocks all internet access. An effective way to block popup, yes. After removal, you need to adjust your IE proxy settings. Should work as a local proxy. Danger because installed directly by found404.com popunder ads.
Privacy=To insure you always have the latest version and for your convenience this software will automatically update itself from time to time once installed. Also we will download other companies programs to your computer which you will have the choice to install or not install once downloaded.%0D%0ATo prevent your browser from becoming cluttered when our toolbar is installed, any other toolbars you currently have visible will be deactivated. They can be restored manually through the Internet Explorer "View" menu.%0D%0AOnce installed if you decide to change your start or search page this information will be sent back to our server. Also information in regards to your browsing will be sent to our servers, such as how long you surf for, and your surfing habits.
SalisburyID=49
[XRenoder]
Threat=Hijacker
EditDate=20021120
Description=Detected as 'Common hijacker', hijacks MSN pages.
SalisburyID=50
[Anal-Oral]
Threat=Hijacker
EditDate=20021120
CompanyProductURL=http://www.anal-oral.net
Description=Hijacks thehun.net and thehun.com pages.
SalisburyID=51
[QcBar]
Threat=Hijacker
EditDate=20021121
Description=Hijacker that adds tons of favorites and its own toolbar to display them.
Privacy=Why we need to obtain personal information ABOUT YOU%0D%0AYour personal information is used to enable us to deliver our online products and services to you.[...]%0D%0AWhat we do with your personal information%0D%0AYour email address and other personal information may be used to enable us to send you marketing or promotional material (such as promotional offers) on other products and services that we consider may be of interest to you.[...] The information you provide to Roar is also shared among our subsidiaries and the operators of our affiliated websites.
Description=Even personal information is collected and shared.
EditDate=20021123
Threat=Hijacker/Spyware
SalisburyID=53
[SearchAccurate]
Threat=BHO/Hijacker
EditDate=20021126
Description=Toolbar for IE with some advertisement links. Resets IE start page on each system start.
SalisburyID=54
[MSN Messenger Polygamy]
Company=Asdfuae
Product=MSN Messenger Polygamy
Threat=Browser hijacker
CompanyURL=http://www.asdfuae.tk/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=IE menu extension
Privacy=
Description=Adds an IE menu extension linking to Asdfuae's Messenger related website
Description=No privacy violation (except keywords are stored in combination with your IP), but installation removes all other installed BHOs. In addition, it hijacks the MS search pages to their own homepage.
Privacy=Our use of your personal or financial information or other information gathered by cookies is used for the limited purpose of fulfilling your requests for service, securing your internet experience, and realizing the demographic which we are serving so that we can continue to serve you better. The information that we collect directly from you includes IP Address, Browser Type, Time Stamps, Operating System, ISP (internet service provider), transactions placed, products and services used, and some banner ads that you may view. All of these are used solely for our internal benefit to create a better operational product and a record of your transaction in case of some failure immediately thereafter.
Description=HotPhrase seems to be a more harmless variant of SpeedPrhase.
SalisburyID=57
[SpeedPhrase]
Company=SpeedPhrase Corporation
CompanyURL=http://www.speedphrase.com/
CompanyProductURL=http://www.speedphrase.com/
Threat=Possible spyware/Malware
Description=Contrary to HotPhrase, the SpeedPhrase homepage contains no privacy policy at all, and installation of SpeedPhrase deletes all other registered Browser Helper Objects!
SalisburyID=58
[I-Lookup]
CompanyURL=http://www.i-lookup.com/
SalisburyID=59
[BandObjects]
Product=Bandobjects aka Go aka EStart.
CompanyProductURL=http://topsitez.us
EditDate=20030122
Description=Hijacks the Internet Explorer start and search page, removes Microsoft links from Favorites, and adds its own. That it creates log files in the root may hint that it's in development and new versions may be coming.
SalisburyID=279
Company=
Threat=
CompanyURL=
CompanyPrivacyURL=
Functionality=
Privacy=
[SearchEx]
Threat=Adware/Trojan
Description=The newest form of this is documented by McAfee: http://vil.mcafee.com/dispVirus.asp?virus_k=100052
Description=Stealth, sends log as mail. Uses the AFP File Monitor & Protector to protect itself against removal. Please boot into safe mode before removing.
Functionality=Monitors keystrokes, passwords, URLs, running applications, access to private files.
Privacy=
Description=
EditDate=20021217
SalisburyID=171
[RadLight Media Player]
Company=
Product=RadLight Media Player
Threat=Tries to uninstall Ad-Aware
CompanyURL=http://www.radlight.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=DivX player
Privacy=From the license agreement shown upon install: You are not allowed to use any third party program (e.g Ad-aware) to uninstall application bundled with RadLight. Such programs will be removed. If you want to uninstall them, you may do so via Add/Remove in Windows' Control Panel.
Description=This application tries to remove Ad-Aware files upon install (a newer release warns clearly about that). Removal of these files is only recommended and necessary if you no longer comply to their license agreement.
Privacy=Author unknown (referrer ID: AAL611 at www.ignifuge.com)
Description=This application promises to be the alround solution to scan for viruses, clean the harddisk and more, but really is just a small window labeled 'MONEY' and a bigger banner, and by clicking on one of them the user gets redirected to a website where the unknown author gets money for every person he refers.
Description=Upon installation, sends mails to all people on your email contact list. See also http://vil.nai.com/vil/content/v_99760.htm
SalisburyID=23
[TotemShared Updater]
Company=
Product=TotemShared Updater
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Updater sending out statistics. Is kept even when host application is uninstalled. The startup entry is named as Uninstall0001 to fool the user into thinking this would be a one-time entry and not a permanent updater.
Description=Spends your bandwidth by downloading content that you 'may' want to see in the future, and allowing other users of the same client to download from your computer.
Privacy=When you are on-line, therefore, the Software may share Published Content that resides on your computer system with other Red Swoosh Clients that have requested such Published Content.%0D%0AFinally, from time to time the Red Swoosh Client may download to your computer system a particular item of Published Content or other information that may be of interest to you, as determined by the Published Content you have downloaded in the past.%0D%0AWe do need to monitor and retain the version of your Web browser, your computer's operating system, your connection speed, your Internet protocol address, the identifier associated with your Red Swoosh Client, and the Published Content that is available on your computer for download through the Red Swoosh network, and we also monitor and retain information regarding the transmission of Published Content as described below.%0D%0ATo attempt to make your downloads more efficient, Red Swoosh needs to know when you are online. Accordingly, each time a computer on which a Red Swoosh Client is installed logs on to the Internet, our server notes the time that it logged on and collects the information described in Section 3(b).
SalisburyID=25
[DyFuCA]
EditDate=20030120
Threat=Malware
Description=Drive-by download connecting to sextracker.com and trying to download Internet Optimizer by Avenue A Media
SalisburyID=284
[ComLoad]
EditDate=20030130
Threat=Malware/Security risk
Description=ActiveX control that will allow websites to load and run any executable program. Used for example by Coulomb ( http://www.coulomb.co.uk/ ). More information: http://www.doxdesk.com/parasite/Comload.html
SalisburyID=285
[Haczyk]
EditDate=20030130
Threat=Malware
Description=Installs unwanted, function unknown, but has a lot of tasks running at system startup.
SalisburyID=286
[SpywareNuker]
Threat=Adware/Possible spyware/Malware
EditDate=20021208
CompanyURL=http://www.trekblue.com/
CompanyProductURL=http://www.spywarenuker.com/
Company=TrekBlue
Functionality=Supposed spyware removal utility.
Privacy=4. ACKNOWLEDGEMENT OF VALUE-ADDED APPLICATIONS%0D%0AYou acknowledge that the "Trek Blue" Program(s) include technology which allows "Trek Blue" to provide updates to the software directly to your computer. Additionally, you acknowledge that you wish to receive software and technology as updates at the discretion of "Trek Blue" for the purposes of complimenting or enhancing the "Trek Blue" Program(s). By installing, downloading, copying, updating or otherwise using the "Trek Blue" Program(s), you specifically agree to include and/or accept the noted software and technology through which "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients provide value-added upgrades and applications to your computer. You acknowledge that you desire to receive value added applications, if any, from "Trek Blue", its subsidiaries, affiliates, partners, divisions, and clients. You acknowledge that you desire to receive value-added content and applications as a condition to using the "Trek Blue" Program(s).
Description=Heavily advertisement by spam (unsolisicited email advertisement); phoning home on program start; silently installing updates and content (meaning advertisement) into your system. Those applications may even come from third parties. No limitation is made about this 'value-added' content, meaning the license allows them to install any spyware into your system without your knowledge. In addition, using the program isn't safe - LSP hijackers get removed, but the Winsock not fixed so you would loose your internet connections. Uses a stolen Spybot-S&D database and is therefore a copyright infringement.
Description=There's a security hole in IE allowing websites to execute code without asking you first. You can find more information at http://security.greymagic.com/adv/gm001-ie/
Functionality=Internet Explorer toolbar providing additional information and related links about visited websites.
Privacy=ALEXA COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS WHILE USING THE ALEXA SOFTWARE, AND, WITH VERSIONS 5.0 AND HIGHER OF THE BROWSER COMPANION SOFTWARE, THE PRODUCTS YOU PURCHASE ONLINE. ALTHOUGH ALEXA DOES NOT ATTEMPT TO ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY ALEXA USER, SOME INFORMATION COLLECTED BY THE SOFTWARE IS PERSONALLY IDENTIFIABLE. ALEXA AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO IMPROVE ITS SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING HABITS.%0D%0A[...]%0D%0AWe employ other companies and individuals to perform functions on our behalf, such as technical support services. To perform those functions, it may be necessary for them to obtain access to AlexaÆs databases and servers, which may contain personally identifying information about users. They may not use such access or information for any purpose other than that for which they are retained.
Description=The privacy statement says it all. They are storing quite a lot of information, including personal data like accounts (if account data is used in URL). They give other companies access to their databases; those may only use the data to what it was retained for. The statements says what the data was retained for, but doesn't give exlusions what it isn't retained for.
Functionality=Installs unknown items & advertisement popups on your system.
Privacy=BackWeb: Stay in the loop With BackWeb's reporting capabilities, you'll know who received each delivery, when they received it, and how they interacted with it.%0D%0ACameoCast: CameoCAST pushes content to your hard drive while you are online.%0D%0A[...]This information such as the type of browser being used, its operating system, and your IP address, is gathered in order to enhance your online experience.
Description=Comes with Western Digital Data Lifeline as well as with HP & Compaq systems. If you intended to install the normal BackWeb, please add BackWeb to your exclude list. But if you know nothing about having installed BackWeb, chances are good that it is the 'lite' version. This one connects to a Cameocast server (Source: http://www.cexx.org/dlgli.htm), and you can read Cameo's privacy statement above.
Privacy=[...]With respect to Ad Servers: To try and bring you offers that are of interest to you, we have relationships with other companies that we allow to place ads on our Web pages. As a result of your visit to our site, ad server companies may collect information such as your domain type, your IP address and clickstream information. For further information, consult the privacy policies of:%0D%0Awww.linkshare.com%0D%0Awww.cj.com%0D%0Awww.reporting.net%0D%0Awww.directleads.com%0D%0Awww.performics.com%0D%0Awww.sitemeter.com%0D%0Awww.websponsors.com
Description=Privacy policy itself does not fulfill any spyware criteria, but does seem to meet the website only, not the installed software.
EditDate=20021020
SalisburyID=178
[BDE Projector]
Company=Brilliant Digital
Product=B3D Projector/Brilliant Digital Entertainment
Functionality=Plays 3d online files, stealth P2P network
Privacy=
Description=According to News.com (http://news.com.com/2100-1023-873181.html), the BDE Software contains technologie that would allow Brilliant Digital to turn every computer with BDE installed into a node of a Brilliant controlled network. Thus Brilliant could use your computer for distributed computing without your knowledge.
Privacy=The privacy policy link links to pages that doesn't contain any information about privacy. The link above I found on another website concering BonziBuddy. But it doesn't say anything the software.
Description=User reports on http://accs-net.com/smallfish/bonzi.htm tell about lots of unnecessary connections, even after uninstall. The missing privacy policy for the product is another point to avoid this program.
EditDate=20021020
SalisburyID=180
[BrowserToolbar]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Backdoor. Information about this one was collected from Symantec ( http://www.sarc.com/avcenter/venc/data/backdoor.autoupder.html ) and Trend Micro ( http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SUA.A ) homepages, as I couldn't yet catch it.
EditDate=20021020
SalisburyID=181
[Bulla]
Company=Bulla Software Publishing
Product=Bulla Internet Explorer Browser Plugin
Threat=Tracking BHO
CompanyURL=http://www.bulla.com/
CompanyProductURL=http://www.bulla.com/
CompanyPrivacyURL=
Functionality=Announces to pay for clicking banners
Privacy=No Privacy Policy available online.
Description=According to http://and.doxdesk.com/parasite/Bulla.html all URLs are transmitted combined with a GUID. Installation works using an ActiveX component that has no trusted certificate. License Agreement in INF-Tool Demo (the installer) contains blank fields for authors name, email etc... The Bulla BHO redirects the browser startpage. May be a false positive if only the IEPlugin system file and browser helper object are found.
EditDate=20021020
SalisburyID=182
[C2.lop]
Company=C2 Media Ltd.
Product=
Threat=Browser hijacker, porn dialer
CompanyURL=http://www.lop.com/
CompanyProductURL=http://www.lop.com/
CompanyPrivacyURL=http://lop.com/privacy.html
Functionality=Search page & MP3 search engine
Privacy=We collect the following information:%0D%0AClick-stream data%0D%0AHTTP protocol elements%0D%0ASearch terms%0D%0AThis data will be used for the following purposes:%0D%0ACompletion and support of the current activity.%0D%0AWeb site and system administration.%0D%0AResearch and development.%0D%0AThis data will be used by ourselves and our agents.
Description=If security settings of IE are low, the TeenSex dialer is installed without asking the user. If not, every few clicks a message box will pop up asking to install the direct access (means dialer). The user can choose to set lop.com as his IE start page by clicking a link to the bottom.%0D%0AA new lop.com dialer is also installed from http://www1.lop.com/dialer/go/
EditDate=20021020
SalisburyID=183
[CashBar]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=184
[CL/PRS]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
EditDate=20021020
SalisburyID=185
[ClickTheButton]
Company=
Product=ClickTheButton
Threat=Spyware
CompanyURL=http://www.clickthebutton.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Shopping helper
Privacy=
Description=ClickTheButton monitors your visits to shopping sites.
EditDate=20021020
SalisburyID=186
[ClickTillUWin]
Company=ClickTillUWin.com (owned and operated by Strategic Advertising Services)
Privacy=When playing ClickTillUWin, each lotto ticket requires the user to view a ten-second, full-page advertisement from one of our sponsors. In addition, from time to time, ClickTillUWin will show you occasional offers or opportunities for other targeted products or services based upon the URL destinations you visit at any given time.
Description=Hides itself using the name Explorer.exe. F-Secure lists it as a trojan (http://www.europe.f-secure.com/v-descs/dlder.shtml).
Functionality=Cursors add-ons for Internet Explorer
Privacy=
Description=I couldn't review the privacy statement for 4.0 because I got a 404 (File not found error). According to http://and.doxdesk.com/parasite/CometCursor.html , Comet Systems tracks what websites using Comet Cursors you visit.
Privacy=If you download and install the Software in order to use the CommonName(TM) service to locate a web site ("Software User"), CommonName(TM) collects personally identifiable information such as your name, your company name, your contact telephone number, your address, your e-mail address, your country of residence and your postal code, to enable us to provide you with appropriate customer service and support.%0D%0A[...]CommonName(TM) may share your personally identifiable information with the following third parties for the following purposes:[...]In order to bring the CommonName(TM) service to you, we have entered and may enter into arrangements with certain business partners such as web browser providers, search engines and internet service providers. Where it is necessary to share your personally identifiable information such as name and e-mail address with our business partners we will do so but only to the extent necessary for them to provide the specific services that they are required to.[...]
Description=The Privacy Statement makes it clear: they are collection personally identifiable information and giving it away: "We may sell or pass on your personally identifiable information to carefully selected organisations in which you may be interested."
Description=Cydoor has been using unique user IDs in the past, but is stating to do that no longer.%0D%0AFOR YOUR INFORMATION: It may be illegal and surely is illegitimate to use Cydoor-infected software after you have replaced Cydoor with the dummy. The dummy is only provided so that you may save all your data from the infected software after it has been cleaned; it is strongly suggested that you look for a spyware-free alternative.
Functionality=A download manager that has very useful features like splitted downloads.
Privacy=[...] SpeedBit may gather contact information and other personally identifiable information (such as username, e-mail address, country and zip-code), and demographic information (like their age, occupation or gender). SpeedBit, it's partners, affiliates or other third parties may use any information submitted or collected from you.
Description=See the privacy policy: anyone may use any collected information. To do that, DAP (at least older versions) tries to open a connection even if no downloads are queued. And the Internet Explorer toolbar was unstable on the Windows 98 SE system I tested it on.%0D%0AOne more thing: I couldn't find a link on their webpage that is pointing to the privacy statement URL above. Right now, you will only see it if you install DAP.
Functionality=Wants to deliver the newest downloads
Privacy=Unique Identifiers for End Users. [...] It also allows Downloadware to collect information regarding your own use of, and interaction with advertising [...]
Description=Not a threat itself, but it takes no responsibility for the software it installs on your machine. According to http://and.doxdesk.com/parasite/DownloadWare.html it will also install a dialer. Another bad thing is that the user can see no way how he can get those 'newest downloads' - there's no desktop icon or start menu item for this app!
Privacy=Expedioware never captures your name, e-mail address or any way of identifying you as the person who entered the information. Once you register you will receive a registration number will allow you to continue to use the third-party software.
Description=Only possible threat is the continued use of a personal ID (registration number).
Privacy=However, in order to provide the service, the eZula application collects information about its activity, such as the keywords that the application was activated on. When you react to the highlights then eZula will also collect a standard web log that may include more information about the action such as IP address, time etc.
Description=
XBlockID=9
EditDate=20021020
SalisburyID=198
[FlashTrack]
Company=FlashTrack, a division of FlashPoint Media, Ltd.
Description=McAfee detects this as a trojan (Source: http://vil.mcafee.com/dispVirus.asp?virus_k=99206&). And the Privacy Policy at the above address is not for the software. FlashTrack monitors web pages viewed and terms entered into online forms.
EditDate=20021020
SalisburyID=199
[Flyswat]
Company=FlySwat
Product=FlySwat
Threat=Adware/Spyware
CompanyURL=http://www.flyswat.com (unreachable)
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Search Enhancement for IE.
Privacy=Privacy Policy: The flyswat service logs anonymous click-streams as users navigate the Web. This data has no personal or demographic information associated with it and will be considered only in aggregate form. flyswat uses this information for product enhancement and may also share it with our partners to use for product enhancement.%0D%0AFAQ: If the flyswat application on your computer ever fails, it will automatically send a diagnosis back to the flyswat server, with information about the type of system and state of usage when flyswat failed."%0D%0A(Both sources: http://accs-net.com/smallfish/flyswat.htm)
Description=Flyswat creates a User ID to every user.
Functionality=Fills in passwords for you and shows you a lot of ads.
Privacy=Some information we may collect, use, and associate with your Anonymous ID includes:%0D%0AWhich web pages your computer views and how much time is spent at those sites%0D%0AYour response to the ads we display%0D%0AStandard web log information and system settings%0D%0AWhat software is on your computer%0D%0AYour first name, country, and five digit ZIP code%0D%0AYour GAINware usage characteristics and preferences%0D%0AInformation associated with your Anonymous ID is used in any of three ways: a) to offer assistance (e.g. knowing when to offer help filling in a form or adjust your computer's clock), b) to select and deliver installation files for optional new GAINware and/or third party software applications, and c) to deliver advertisements and information to you on behalf of our advertisers who are often competitors of the web sites you are viewing.
Description=Upon visit of some Gator related pages, it tries to download and install. According to Tribune Media Services (via http://www.securitynewsportal.com/ via http://www.cexx.org/gator.htm): "Gator tracks the sites that users visit and forwards that data back to the company's servers. Gator sells the use of this information to advertisers who can purchase the opportunity to make ads pop up at certain moments, such as when specific words appear on a screen. It also lets companies launch a pop-up ad when users visit a competitor's Web site."%0D%0AAnd Gator saves your identity in the HKEY_CLASSES_ROOT\CLSID section of the registry - good place to hide, if you've got something to hide.
Functionality=Wants to provide free full length streaming movies.
Privacy=3. Several PROMOTIONAL CONSOLES (daughter consoles/interstitials) may be launched for the duration of time you spend online. These consoles may continue to be launched as long as you have the GoHip! BROWSER ENHANCEMENT installed on your machine. GoHip! does not monitor the activities or collect information from users once they have left www.gohip.com.
Description=What does that mean? They open consoles for an outside company, and they reject any responsibility for what that outside company does. From the product description: "These promotional consoles are provided by an outside advertising agency, InternetFuel.com."
Privacy=For our Pop-Up Ads, very little information is required, other than knowing in what part of the world you are located. (For example, zip code, country code, etc.) Any information you provide is used to make your ad viewing a pleasant, beneficial experience by providing you with ads more closely aligned with your interests.
Functionality=Improves IEs look and provides an additional toolbar containing tailored ads.
Privacy=HOTBAR COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW AND THE DATA YOU ENTER IN SEARCH ENGINE SEARCH FIELDS WHILE USING THE SOFTWARE. HOTBAR USES THIS INFORMATION TO DETERMINE WHICH ADS AND BUTTONS TO DISPLAY ON YOUR HOTBAR TOOLBAR AND WHICH ADS TO SHOW YOUR BROWSER.
Description=Hotbar changes the Internet Explorer search page to a searchsite, which is unable to find "google.com" or "yahoo.com" with the search strings "google" and "yahoo" , which is common among fraud searchsites. The tool bar buttons are frequently downloaded from the Hotbar websites, especially at the program's start, causing an overuse of the internet connection. The weather forecast screen is not being cached but downloaded every time causing again more traffic. The toolbar does also collect and transmit data on the user's surfing and internet shopping habits. Most of these transmissions contain a (probably unique) UserID and a ComputerID. Last but not least Hotbar does also cause ad popups. Most of these mentioned functions are stated in the terms and conditions and the privacy policy . Since it is not expected that many users read or understand these, and as this software package can be very annoying, Hotbar is classified as PUPS.
Functionality=A typical IE toolbar offering search and advertising
Privacy=12. UPDATES. You grant IMI permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. You also grant IMI permission to make any changes to the software and/or service provided at any time.
Description=See Terms Of Use. IMI may change the software at any time and upload it to your computer without your knowledge. It also breaches your security by sending the whole URL to their server whenever it contains one of their keywords.
EditDate=20021020
SalisburyID=205
[INetSpeak]
Company=Jaypee Systems
Product=INetSpeak
Threat=Adware/BHO
CompanyURL=http://www.music-magnet.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Advertisement installed through MusicMagnet
Privacy=
Description=No privacy policy or any mentioning of the BHO found on website.
Functionality=A proxy boasting to improve internet speed, while monitoring your internet use to make prognoses.
Privacy=Marketscore monitors your surfing, essentially logging information about the web pages that you visit and the actions that you take, such as the purchases and transactions you make. [...] Please note that while we do not sell any personally identifiable member information, we do share personally identifiable information with those third parties who help us deliver the Marketscore service to you.
Privacy=We collect aggregate information about the number of AdTools' products downloaded and run, whether they are passed on, how the product is used, and which sites are visited as a result of interaction with the product.
Description=This product saves an identifier and keeps track of you like stated in the Privavy statement quoted above. A named feature on AdTools' website is: 'Comprehensive tracking'.
Privacy=If you are providing us Personally Identifiable Information, it will only be used within the AWS, Inc Internet domains unless you choose to allow third party data sharing (by opting in for such distribution during the registration process). Should you choose to provide your information to third parties, WeatherBug.com will share aspects of your information with our valued partners.
Description=My tests showed connections to DoubleClick, a company known for tracking cookies. WeatherBug also seems to have no button to close it - without killing it the hard way, it will run all the time.
Description=The MS Media Player assigns a unique ID to your machine that is transmitted each time the CD player queries the database for the name of a CD and its titles. It may also be transmitted when downloaded codecs.
EditDate=20021020
SalisburyID=210
[MS Works]
Company=Microsoft
Product=Works
Threat=Auto-Updater
CompanyURL=http://www.microsoft.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Office package auto updating executable.
Privacy=
Description=While removing this will stop Works from phoning home, it may also stop the spell checking in Outlook Express from working!
Functionality=I can't see any more functionality then providing ads.
Privacy=When you register with one of 180Solutions' distribution partners, you may be asked to provide certain personal information about yourself and your interests. In some cases, non-personally identifiable information about you may be passed to us by the partner. This may include, but is not limited to, your age, sex, geographic region and interests.%0D%0A[...] When n-CASE is actively running on your computer, the software generates logs of your surfing activity, including web pages you have visited and the order in which you visited these pages. These logs are then uploaded to 180Solutions' secure servers. We use these logs for market research purposes and to provide you with offers and content specifically targeted to your interests and habits. 180Solutions stores these logs on our servers, for our use.
Privacy=Access and Interference: You agree that you will not use any robot, spider, other automatic or manual device or process to interfere or attempt to interfere with the proper working of Supplied Licensed Materials.
Description=According to http://and.doxdesk.com/parasite/NetworkEssentials.html it sends visited URLs to its controlling servers. There is a privacy statement for the website, and a link to the terms that should contain 'SmartPops.com downloadable Application Privacy Statement' (& License Agreement), but I couldn't find any privacy information in that second one. Only that you may not interfere with its proper working.
Functionality=New.net wants to give access to new non-official top-level-domains.
Privacy=
Description=Even though they state that millions of users use their system, I've never run about such a domain, so I would call it safe to remove it without any loss. Also, New.Nets TLDs are not officially approved.
Privacy=From the License Agreement: Creative does not warrant that the functions contained in the Software will meet your requirements or that the operation of the Software will be uninterrupted, error-free or free from malicious code.
Description=Data is saved with the file extension .sys - do they have something to hide? I couldn't find anything about it in the License Agreement. There is no License Agreement or Privacy Policy shown before the installation, so the only available Privacy Policy is the general online Privacy Policy, which won't say a word about the News Update Engine.
EditDate=20021020
SalisburyID=215
[Onflow]
Company=Onflow Corporation
Product=Onflow Media Player
Threat=Adware/Possibly Spyware
CompanyURL=http://onflow.com/
CompanyProductURL=http://onflow.com/
CompanyPrivacyURL=http://onflow.com/legal/
Functionality=Wants to provide fully interactive online animation.
Privacy=Each time the Onflow Player displays images, it transmits data to our server such as the serial number of the Player, the image displayed, the web page in which it was shown and whether you moved your mouse over the image or clicked on it.
Description=Hides it purpose to bring you more ads under the cloak of a 'media player'.
Privacy=In the process of delivering this content, as well as performing online transactions, Radiate will sometimes query you for demographic data (gender, age, zip code, etc.). We will not collect any personally identifiable information about you (name, address, telephone number, email address) unless you provide it to us voluntarily. All of this information is aggregated for the purposes of reporting to advertisers and ad sales organizations the performance of their advertising campaigns.
Functionality=SaveNow wants to help people in the US with shopping. It wants to give you additional (advertisement) information whenever you surf, e.g. use a search engine.
Privacy=The Internet is an evolving medium and WhenU.com may change its privacy policy from time to time. Please review the WhenU.com privacy policy often. Use of any WhenU.com product indicates your knowledge and acceptance of the privacy policy posted on the WhenU.com site and toolbar at that time.
Description=Hiding data by misusing a structure in the registry reserved for other stuff doesn't help you trust a software. But anyway, who would use a software if he had to look up the current Privacy Policy every time?
Functionality=Provides you with 'coupon, cash back offer, donation to a school or charity or some other offer'
Privacy=By shifting the processing power to your desktop PC, TopMoxie is the only browser companion that places complete control of privacy issues in the hands of the consumer. The reminder service, powered by TopMoxie, does not collect any personally identifiable information from users and therefore ensures privacy protection and end-user anonymity.
Description=A good privacy statement, and it looks like harmless adware. But a quote from the EULA: "When installed on your computer, the software periodically communicates with our servers in order to update and monitor the Services. We may update the software on your computer when a new version is released or when new features are added". The EULA doesn't mention whether their privacy statement will still be valid for those updates.
Privacy=RankYou.com has partnered with Targitmail.com to make available special offers, discounts, and promotional announcements as an added value service to our subscribers. TargitMail.com will not make available any personal information to any fourth party.
Privacy=Providing personnally identifiable information, such as your e-mail address, will allow us to notify you of updates to our services and concerning products and/or services that we determine you would be interested in.
Description=Accord to http://and.doxdesk.com/parasite/UCmore.html every URL is transmitted with a unique ID.
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=The software collects and transmits to Mindset servers the URLs of the Web pages visited on your browser. URLs are the addresses of the web pages that your browser visits (http://www.Mindseti.com, for example). The Mindset software collects and maintains information on both current and historical browsing. Mindset will use this information to build a summary of your interests so that Mindset can help its partners make relevant and personalized offers to you.%0D%0AMindset and its affiliates' software also collects some information from online forms that you fill out. This information is sent to us in order to save you the time and trouble of submitting such information to us yourself. We use this information to allow our partners to reach you with only those personalized and targeted offers and advertisements that may be relevant to your interests.
Description=How friendly those people at Mindset are. They are collecting information about you and transmit it back to themselves, so you don't need to bother to do it yourself!
Privacy=Examples of information that we collect are web page address, web page size, web page load time, web page completion state and network delay time.
Functionality=Visualization for Media Players, Platform for games
Privacy=If you download our Web Driver software it will gather and store information about your computer that is specifically related to the functioning of the Web Driver software, such as processor type or the presence or absence of graphics accelerators and the related software drivers. The Web Driver software will not gather information from your computer about you, such as general application software you have installed or personal data that you store on your computer. The Web Driver software will report this configuration information to us on a regular basis. We use this information to identify your system's capability and to optimize the delivery of content to the Web Driver.
Description=Configuration information is transmitted on a regular basis.
Privacy=When we refer to "requested" information ("Requested Information"), we mean the information you provide to us directly, like your name, e-mail, or address.%0D%0A[...]ZapSpot may provide certain Requested, Calculated, or Roaming information to third parties such as marketers and advertisers, who make use of general customer data. We assure you that such disclosure does not include any information which could personally identify you or be directly associated with you as an individual.
Privacy=With whom your information may be shared: As a general rule, will not disclose any of your personally identifiable information except when we have your permission or under special circumstances, such as when we believe in good faith that the law requires it or under the circumstances described below. Please see the Terms of Service or Use Agreements for each of our products and services for more detailed information about how your personal information may be shared.
Description=But the Terms of Service or Use Agreements state nothing about further uses.
Privacy=In order to use our product, a user must first complete a registration form. During registration a user may be required to give his contact information (such as name and email address) and preferences for filtering message content. This is used to deliver to the user information they have asked to receive.
Description=Privacy Policy reads like tailored ads. It's still unclear wheather the user really has a choice.
Functionality=A toolbar with search functions and quick links.
Privacy=We use information that we collect to make your Search-Explorer.Com visit more productive and tailored to your individual preferences. We require certain specific information when you contact us or send us a request, and we store that information in secure databases. We share information, both personally identifiable and aggregate data, with companies who provide content to portions of our site and communicate with you on behalf of Search-Explorer.Com.
Description=Uses tracking cookies, and sharing PII. Another source of information: http://and.doxdesk.com/parasite/SearchExplorer.html
Functionality=A download accelerator for game demos.
Privacy=You understand that Content will be stored on your personal computer until it is deleted at your direction or until it is automatically deleted by the operation of the Kontiki Delivery Network.%0D%0A[...]%0D%0AUsage Information is information about the delivery and playback of content using the Kontiki software, including information about user behavior within the service, the name of content being delivered, the number of times it has been played or the types of searches that are going through the Kontiki Delivery Network.%0D%0A[...]%0D%0AKontiki may share Usage Information with content providers or other parties,but do not disclose information in any way in which Usage Information would be personally identifiable.%0D%0A[...]%0D%0AKontiki is not responsible for the operation of the third party DRM in any way, including revocation of your ability to use Content or the collection or use of information collected from you by the third party DRM.
Description=Some sort of download manager specialized for GameSpot content. That content may be deleted by the Kontiki network without user choice. And the software allows GameSpot to monitor the usage of the downloaded content. More information can be found at http://www.extremetech.com/article2/0,3973,365073,00.asp .
Privacy=We use personally identifiable information in the following ways: [...] To help you quickly find software, services or product information important to you. [...]%0D%0AFirst, we never collect any of your personal data, unless you enter it into a sort of form and post it to us explicitly. Secondly, we are very strict about not annoying you with unnecessary notifications of any sort.
Description=Start on system start even if automatic update is disabled. Never collecting personal data without explicit confirmation sounds good, but 'not annoying with unnecessary notifications' goes as far as not telling about the constantly in stealth running updater.
Functionality=Providing the user with little tips, discounts, product reviews and warnings.
Privacy=YOU ARE REGISTERED FOR POPUPNETWORK SERVICES USING A RANDOMLY GENERATED USER ID. THE POPUPNETWORK THEREFORE CANNOT AND DOES NOT COLLECT PERSONAL INFORMATION.%0D%0A[...]%0D%0AIn addition, many sponsorships and promotions require that some information be transferred. By requesting more information, you give the PopUpNetwork permission to transfer your personal information to the sponsor so they can fulfill your request.%0D%0A[...]%0D%0ADuring these communications, the URL of the page you are visiting will be transferred to our computers [...]
Description=Very annoying, as it doesn't help to kill the running processes, they seem to pop up again and again. The descriptions makes it clear that it is content-watching. Installation assigns the user a unique ID. According to the Privacy Policy, the randomly created ID alone would prevent them from collecting PII. Also if you click a link in a Pop Up Network window, you give them permission to transfer your PII to their partners. Ads are Opt-Out, not Opt-In. All URLs are transmitted to their server. Multiple links to them are http://www.popup.net , http://www.popupads.com , http://www.popupnotes.com and http://www.popuptips.com .
Privacy=HUNTBAR'S TOOLBAR SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, AND THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE TOOLBAR SERVICE.
Description=Huntbar connects without user consent to the internet and downloads additional Huntbar components. Its tasks are running in background and can not be disabled normally.%0D%0AHuntbar also gets started through hooking to the Explorer. Can cause the Internet Explorer to crash. Adds its own Windos system startup section settings and readds them if disabled or removed.
Privacy=We do not sell or rent your personally identifiable information to third parties for marketing purposes without providing you with a choice to opt out from such disclosure.
Description=Internet background task installed by iWon. iWon's privacy policy allows you to opt-out of giving away PII. Contacts http://plus.iwon.com transmitting a GUID that is most probably a unique ID. This sets a cookie and returns a hidden page. More constant small traffic is following with yet unknown contents.
EditDate=20021020
SalisburyID=244
[SideStep]
Company=SideStep, Inc.
Threat=Spyware
CompanyURL=http://www.sidestep.com/
Functionality=Sidebar to help finding cheap flights, hotels and cars.
Description=Transmits URLs and unique ID with every page visited. See also http://www.doxdesk.com/parasite/SideStep.html
EditDate=20021020
SalisburyID=245
Product=
CompanyProductURL=
CompanyPrivacyURL=
Privacy=
[Wazam]
Company=New York Internet Media, Inc.
Product=Wazam Toolbar
Threat=BHO
CompanyURL=http://www.wazam.com/
Functionality=According to homepage an IE toolbar.
Description=See also http://and.doxdesk.com/parasite/Wazam.html
Description=Scans viewed pages for keywords and displays corresponding ads. See also http://and.doxdesk.com/parasite/Cytron.html and McAfee at http://vil.nai.com/vil/content/v_99732.htm . Coded by http://www.cytron.com/ or http://slashdot.org/articles/02/10/25/1636215.shtml?tid=95
EditDate=20021020
SalisburyID=247
[EasyInstall]
Company=RedV
Threat=Spyware/Trojan
CompanyURL=http://www.adprotector.com/
CompanyProductURL=http://www.adprotector.com/
Privacy=There is no Privacy Statement on their homepage, just this description:%0D%0AAre you tired of Ads interrupting your work or play?%0D%0ARedV AdProtectorÖ is a great new product that allows you to completely remove programs that display advertisements and which may also be spying on your Internet surfing.%0D%0A%0D%0AAnd a short quote from their EULA:%0D%0AIn order to provide this service, RedV Network collects information on your web usage that remains anonymous to third parties. RedV Network may derive personal preference profiles from your Personal Information and web usage.
Description=For installation of their products, something named RedV easyInstall is installed. This program runs continuously and displays ads. The tray icon allows to suspend any incoming offers for up to two hours, but not constantly. A program that promises to get rid of ads, while silenty placing ads with their installer is trojan behaviour.
Privacy=Collection and Use: DELFIN will use personally identifiable information to provide and change service, to anticipate and resolve problems with your service, or to create and inform you of products and services that better meet your needs.%0D%0AWhat is anonymous information collected by others? In addition to anonymous information collected by DELFIN from users of DELFINÆs PromulGate Service and visitors to our Web Sites, advertising agents and other web sites you visit may collect anonymous information. The following types of anonymous information about Internet users are often collected by advertising agents (like DoubleClick and 24/7 Media, Inc.)
SalisburyID=249
[DeltaBar]
Company=DeltaClick
Threat=BHO/Spyware
CompanyURL=http://www.deltaclick.com/
Privacy=DeltaClick collects online behavior statistical information for our members. Examples of information that we may collect, other than through the registration form, include but are not limited to the URL of visited pages and MEMBER's IP address.%0D%0A[...]%0D%0Aathering this information enables us to tailor advertising content to Your interests and deliver offerings from advertisers that are relevant to You. DeltaClick gathers information only to personalize Your experience in this way, to improve the administration of the services and to increase the earning potential of our members. Summaries of the information will be made available to advertisers so that they may better target their advertising campaigns.
Description=Detection not completed as company homepage could not be reached.
Privacy=Information about your computer hardware and software is automatically collected by Cash Toolbar, but is used solely for traffic analysis purposes. This information includes: your IP address, browser type, domain names, access times and referring Web site addresses.%0D%0AThe customer's contact information is also used to contact the visitor when necessary. Users may opt-out of receiving future mailings; see the choice/opt-out section below. Demographic and profile data is also collected at our site. This information is shared with advertisers on an aggregate basis. We may use information collected to promote other affiliate programs, products, web sites and services.
Functionality=Searches harddisk for porn contents.
Privacy=Several PROMOTIONAL CONSOLES (daughter console/interstitial) may be launched for the duration of time you spend online. These consoles may continue to be launched as long as you have PurityScan installed on your machine. PurityScan does not monitor the activities or collect information from users once they have left PurityScan.%0D%0AWe may use customer contact information from the registration form to send the user information about our company and promotional material from some of our partners. The customer's contact information may also be used to contact the visitor when necessary and shared with other companies who may want to contact our visitors. Demographic and profile information may also be used to tailor the visitor's experience at our site, showing them content that we think might interest them. We may disclose information you enter during the join process to third parties.
Description=Running all the time while you are online; no monitoring if program is not running nearly implies monitoring while it does. For this, an executable is placed in the Autostart folder.%0D%0AAnd they take the right to give away all registration information.
SalisburyID=253
[ShowBehind]
Threat=Adware
Description=Silently installed adware that runs constantly. Uninstaller from developer not working.
Privacy=We use your GUID - a unique machine ID number associated with your computer - to help diagnose problems with our server, and to keep your eAnthology account status current.%0D%0AOur websites use cookies to keep track of your shopping cart and to ensure you don't see the same offer repeatedly. We use cookies to deliver content specific to your interests and to save your password to enter our websites, if you have one, so you don't have to re-enter it each time you visit our websites.%0D%0A[...] We may add other third-party content providers or advertisers at any time. To find out more about who our current third-party advertising suppliers are, and to obtain their website addresses, please contact:[...]
Description=User tracking, and to inform yourself about the additional content you may get, you have to write them a snailmail or email.
Description=Basically the software grants search capabilities. The terms of use allow SearchIt.Com to spy on your data as much as they want.
Privacy=12. UPDATES. You grant SearchIt.Com permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. You also grant SearchIt.Com permission to make any changes to the software and/or service provided at any time.%0D%0A13. SERVER INTERACTION. You understand and accept that when the software is installed, it periodically comminutes with a server operated by SearchIt.Com and/or third party servers.%0D%0A14. INFORMATION COLLECTION. You understand and grant SearchIt.Com permission to assign each copy of the software an unique software identify code. You also grant SearchIt.Com permission to collect and store information of your internet usage habit, including but not limited to information about every web page you view with the full Uniform Resource Locators, and the content of web page. You understand and accept that Uniform Resource Locators and the content of web pages you view may include your personally identifiable information. You grant SearchIt.Com permission to collect and store information on which toolbar buttons you click on, your response to advertising, the search terms you entered on the toolbar and/or all ot er information relates to your internet usage habit. [...] SearchIt.Com does not currently enable users to access, review, edit, or delete information, including internet usage information, collected during use of the Service. By using the SearchIt.Com Software and/or Service you agree to waive any constitutional, common law, statutory, or regulatory right of access to such information that you might otherwise have or acquire. [Remark: this last part violates german law that allows every user to get insight into the data saved about him. The final sentence is legally not valid in Germany.]
SalisburyID=256
[FileFreedom]
Threat=Spyware
EditDate=20021128
Privacy=From readme.txt:%0D%0A2. Is this program watching me? Answer: When you download a new file using a P2P program, the Companion will look that file up in the File Catalog and display the information to you. A note is also made that you downloaded that particular file. This information is used to bring you personalized recommendations of other files. Recommendations are calculated by comparing the file's you downloaded to those of other users in order to find users that have similar tastes with you (the technical term for this is collaborative filtering). Information on what files you downloaded is stored in the form "user 424322 downloaded file 342525." FileFreedom does not track personally identifiable information - i.e. we DO NOT store something like "John Smith downloaded file.mp3"[...]%0D%0A4. Is this program spyware? Answer: NO! Spyware is a term that refers to programs that hide on your computer and collect personal information about you. The Companion meets none of these criteria. Whenever the FileSharing Companion is running, there will be 3 orange dots in your system-tray (by the clock). Furthermore, whenever the Companion communicates with the FileFreedom servers, a window will appear. There is nothing hidden about this program.
Description=The answer to the question if the program would spy that it is not hidden - during my tests those three disappeared even when the process was still running. Also they say they don't log downloads by name, but using numbers. Using unique IDs still allows personal identification! Furthermore the EULA (which isn't displayed, but saved in its folder) wants the user to agree to automated software updates without his knowledge.
Privacy=The eBay Toolbar is designed to be used in conjunction with the eBay site. Accordingly, your use of eBay Toolbar is also defined by the eBay User Agreement and Privacy Policy.
Description=According to http://pages.ebay.com/help/community/privacy-appendix2.html, information to advertisers (including even IP, viewed pages, etc.) is given only in non-personal identifiable version; and to external service providers only with your agreement. But this toolbar uses adfarm.mediaplex.com as a relocator when you click on 'My eBay' or do a search. A possible GUID is also transmitted to the relocator (MediaPlex) server. Your typed keywords are sometimes also transmitted to DoubleClick. In combination with tracking cookies (somethings MediaPlex and DoubleClick are known for) this would allow MediaPlex and DoubleClick to track you. eBay is not interested in giving any statement about this, which raises further suspicions.
SalisburyID=259
[eXactSearchbar]
Company=Pattern Discovery Software Systems Inc. / Exact Advertising LLC, owner of Mail.com
Description=The Spyware installer detection is the only one that is based only on filenames, without other criteria. The reason for this are two:%0D%0A1. files not yet installed don't have any registry references to them, and%0D%0A2. these detection is intended mainly for dialers - files that often differ in contents (different text, different images, different toll numbers) while keeping the same name (within one dialer 'family').%0D%0AThe Download directories setting should be set only(!) to your download folders, where you can easily identify the files you downloaded. Files in other places will be searched for automatically, there is no need to enter them in the setting. In fact, adding your whole harddisk to this setting will most likely result in false positives.%0D%0AIf files like wbemtest.exe in your Windows/System folder are detected as a spyware installer, that is such a false positive.
SalisburyID=261
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
[CDilla]
Company=Macrovision
EditDate=20021217
Threat=Privacy breach
CompanyURL=http://www.macrovision.com/
CompanyProductURL=http://www.c-dilla.com/
Functionality=Copyright protection software
Description=BE WARNED: The application that has installed CDilla may stop working if you remove it!%0D%0ADo not remove if you haven't updated to 1.1 rel 3 or later!%0D%0A%0D%0ABasically, protection against pirated copies of copyrighted media is a good thing. The bad thing about this one is that it is often installed without the knowledge of the user. Old advertisement from Macrovision said that CDilla (or SafeCast to call it by their name) would protect against unauthorized internet downloads. While this would mean that it would watch all internet transfer, such functionality could not be found. Notice: while we currently detect CDilla, We DO condemn audio/video/software piracy.%0D%0A%0D%0ABE WARNED: The application that has installed CDilla may stop working if you remove it!%0D%0ADo not remove if you haven't updated to 1.1 rel 4 or later!%0D%0A%0D%0AYou may need to keep CDilla on your system because another application needs it as a license management system. There were some reports that CDilla would phone home, but that hasn't be proven. As a general safety measure, we recommend you use a firewall.
Privacy=We use IP addresses to analyze trends, administer the site, track user's movement, and gather broad demographic information for aggregate use.%0D%0A[...]Gigex collects personally identifying opt-in information from Gigex users ("Members") prior to each download%0D%0A[...}Those who use Gigex's services are Members. Gigex makes every effort to maintain the privacy of Members' personal information. Members who want to use our download services may agree to opt-in and to register for contests and accept our email messages as conditions of their free Gigex service. The Gigex demo download service is free to registered Members.[...]Member information also may be used for marketing and promotional purposes by Gigex and may be shared with our affiliates, companies that have been prescreened by Gigex or a successor in interest. We use email to inform you of new Gigex features, to let you know of urgent problems on our site, and to present special members-only opportunities to buy game-related products and services that are appropriate to the interests of our members.
Functionality=Download manager
Description=Installs by ActiveX without informing the user or asking for confirmation when the user wants to download game demos. Whole the user may think he just does a download, he is made a member by Gigex. Gigex collects personal identifiable information about members, thus qualifying for being called spyware.
SalisburyID=263
[BookmarkExpress]
EditDate=20021227
Threat=Discontinued adware, but update server still available
Privacy=IPinsight Software generates Line Speed, Geography, Gender/Age estimates, User ID, and IP address information, which it transmits to the IPinsight servers for use in the preparation of the companyÆs data file products.%0D%0A...%0D%0AUnique Identifier: IPinsight maintains file integrity through the use of a unique random number (GUID) for each user, which is stored in the userÆs Windows Registry.%0D%0A...%0D%0AP Address: Finally, when you install IPinsight's Software, it collects several bits of information about the configuration of your computer. This information includes information about the computer's hardware configuration, such as the amount of free space on your hard drive, and information about the computer's software configuration, such as the name and version of the operating system.
Description=Uses information collected from you to improve their database. The function of this database is not completely clear, but they will use it to track your location down to your neighbourhood, including geolocated demographic statistics about you.
Description=May install third-party software without knowledge of the user.
Privacy=While we don't know the identity of MP Software users, the MP client side technology and the MP server technology could in the future, anonymously collect and use the following kinds of information:%0D%0ASome of the Mini-products viewed%0D%0AResponse to the Mini-products viewed%0D%0AStandard web log information (excluding IP Addresses) and system settings%0D%0AWhat software is on the personal computer%0D%0AAny demographic information you may provide at your choice like First name, Country, and ZIP code%0D%0A[...]%0D%0AWe associate such information with a particular personal computer through a randomly generated Anonymous ID number and use it to accomplish the following:%0D%0AEnable the functionality provided in the MP (for example, to offer mini-products like mini-books, mini-magazines, mini-stuff etc. according to user selections)%0D%0A╖ Select and deliver installation files for optional new software applications%0D%0A╖ Deliver sponsorships to a computer screen on behalf of sponsors%0D%0A[...]%0D%0AWhen running on a computer, the MP regularly communicates with MP servers, and in some cases, third party servers, among other reasons, to: - maintain/update the MP or the MP Server;%0D%0A- facilitate installing and uninstalling the MP or MP Server;%0D%0A- retrieve mini-products and sponsorships for display;%0D%0A- facilitate various MP or MP Server features;%0D%0A- collect computer user usage information in an anonymous manner; and/or update user information. %0D%0A[...] %0D%0ATo improve the features or functions of the MP Server, or the MP or third-party Software, we may occasionally install technologies, such as certain rich media player applications, browser plugins, virtual machines, and runtime environments (collectively "Enabling Technologies"). %0D%0A[...] %0D%0ANote that soon after you have uninstalled the MP, any Enabling Technologies or mini-programs or third party software that were previously installed (such as browser plug-ins and audio/video players) will remain on the computer, because other programs may rely on these Enabling Technologies to function correctly.
SalisburyID=266
[GigaTech SuperBar]
Company=GigaTech Software, Inc.
Threat=BHO/Adware/Possible Spyware
CompanyURL=http://www.gigatechsoftware.com/
Privacy=Non-existent
Functionality=Fills in names, passwords and form data. Enhanced search functions for IE.
Description=Installs unrequested and without informing the user, for example with the last TwistedHumor comic.%0D%0AWhy a account/password/form filling utility? It has been long ago integrated into IE.
Privacy=YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT DEMOGRAPHIC AND PERSONALLY IDENTIFIABLE INFORMATION COLLECTED BY THE LICENSED SOFTWARE MAY BE USED BY MADOOGALI LLC, AND/OR THE MANUFACTURER OF THE PRODUCT, AS WELL AS SHARED, RENTED, LEASED, SOLD, OR OTHERWISE MADE AVAILABLE TO THIRD-PARTIES AT THE SOLE DISCRETION OF MADOOGALI LLC, IN ACCORDANCE WITH MADOOGALI LLC PRIVACY POLICY STATEMENT. YOU ALSO ACKNOWLEDGE AND AGREE THAT THE LICENSED SOFTWARE MAY ALSO GENERATE POP-UP DIALOGUE BOXES REQUESTING YOU TO VOLUNTARILY PROVIDE CERTAIN PERSONALLY IDENTIFIABLE INFORMATION, AND REQUIRING YOU TO PROVIDE CERTAIN DEMOGRAPHIC INFORMATION DURING REGISTRATION OF THE PRODUCT, AND/OR FROM TIME TO TIME THEREAFTER, WHILE THE PRODUCT IS ACTIVE. YOU FURTHER ACKNOWLEDGE AND AGREE THAT THE LICENSED SOFTWARE SHALL RESIDE ON YOUR LOCAL SYSTEM AND MAY OPERATE UNOBTRUSIVELY IN THE BACKGROUND, PERFORMING A LIVE UPDATE, DELIVERING ADDITIONAL REQUESTED SOFTWARE, COLLECTING AND TRANSMITTING INFORMATION RELATED TO THE DISPLAY AND TRACKING OF ADVERTISING AND ANY VOLUNTEERED DEMOGRAPHIC AND/OR VOLUNTEERED PERSONALLY IDENTIFIABLE INFORMATION ABOUT YOU TO MADOOGALI LLC, WHENEVER YOUR WEB BROWSER IS ACTIVE, WHETHER THE SOFTWARE IS ACTIVE OR NOT. YOU ALSO AGREE TO ACCEPT A MADOOGALI MENU ITEM ON YOUR START BAR. THIS MENU ITEM WILL ALLOW YOU TO UNINSTALL THE MADOOGALI TECHNOLOGY, AND MODIFY YOUR PROFILE.
SalisburyID=268
[NewtonKnows]
Company=Virtumondo, Inc.
Threat=Spyware
EditDate=20030127
CompanyURL=http://www.virtumundo.com/
CompanyProductURL=http://www.newtonknows.com
Functionality=Search add-on for IE
Privacy=The Company collects information from individuals when an individual provides information to a third party%0D%0A[...]%0D%0ASuch purchased information may include, but is not limited to, an individual's name, email address, street address, zip code, telephone numbers (including cell phone numbers and carriers), birth date, gender, salary range, education and marital status, occupation, industry of employment, personal and online interests, and such other information as the individual may have provided%0D%0A[...]%0D%0ATHE COMPANY MAY USE INDIVIDUAL INFORMATION FOR ANY LEGALLY PERMISSIBLE PURPOSE IN COMPANY'S SOLE DISCRETION.
Description=It could as well be called "Newton knows and sells anything about you."
SalisburyID=288
[MyWay.MySearch]
Threat=PUPS
Company=My search
Functionality=IE search toolbar
Description=The small privacy policy seems to be not quite right. For using Google or Altavista as a search engine, this toolbar still routes the searches over their own site. And why does every file that the page requests need to set a cookie that includes the users IP address?
EditDate=20030127
CompanyURL=
CompanyProductURL=http://www.mysearch.com/
Privacy=The My Search site and your My Search Bar protect your privacy. My Search does not track your searches or where you go on the Web. The My Search Bar does not contain any type of ad software to present you with ads while you are on the Internet. Simply put, the My Search site and your My Search Bar provide you with the best search resources on the Web, with no strings attached.
SalisburyID=289
Product=
CompanyPrivacyURL=
[Alexa Related]
Threat=Possible Spyware
Description=The "Show related links" function of Internet Explorer opens a Microsoft search page that redirects to Alexa. Alexa is known for the Alexa toolbar. As the Alexa toolbar is classified as spyware, the Alexa search page may collect too much user information as well.%0D%0AIf other products still detect Alexa after you have cleaned it with Spybot-S&D, it is a false alarm. Spybot-S&D does replace the file responsible for connecting to Alexa with one using the Google related function instead, instead of deleting the whole "Show related links" function.
SalisburyID=290
[SearchSquire]
Threat=Adware
EditDate=20030205
Description=please see http://www.doxdesk.com/parasite/SearchSquire.html
SalisburyID=291
[Showbar]
Threat=Unstable BHO
EditDate=20030220
Description=Verified to crash Internet Explorer very often. The exact function is unknown; if you did intentionally install this browser helper and it doesn't crash your machine, you can ignore it.
SalisburyID=292
Company=
Product=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
[Wishbone]
Threat=Possibly spyware
EditDate=20030321
Functionality=IE search bar with popup blocker
Description=Nice toolbar, the popup blocker is even working. Too bad it transmits a unique ID on each search and silently connects to an ad server itself (maybe blocking other ads to display its own?). Also, no privacy policy explains what this GUID is for. Possibly it even has capabilities to secretly download other apps.
CompanyURL=http://www.wishbone.com/
CompanyProductURL=http://toolbar.wishbone.com/
Privacy=None available for software
SalisburyID=293
[ClientMan]
EditDate=20030321
Functionality=Unknown
Threat=Malware/Possibly spyware
Description=Unknown how it gets onto a computer, or what the exact damage it does is, but it is surely bad, as it automatically forces ZoneAlarm to accept its connect, without giving the user a choice.
SalisburyID=294
Company=
Product=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Privacy=
[FreeScratchCards]
EditDate=20030324
Threat=Spyware/Hijacker/Malware.
Functionality=
Description=Changes start- & search page, and tracks your Internet usage. Auto-installs updates and possible other software (according to license with user consent, but in our test it installed C2.lop without asking for confirmation).
Privacy=To insure you always have the latest version and for your convenience this software will automatically update itself from time to time once installed. Also we will download other companies programs to your computer which you will have the choice to install or not install once downloaded.%0D%0A[...]%0D%0A
- To prevent your browser from becoming cluttered when our toolbar is installed, any other toolbars you currently have visible will be deactivated. They can be restored manually through the Internet Explorer "View" menu.%0D%0A- Once installed if you decide to change your start or search page this information will be sent back to our server. Also information in regards to your browsing will be sent to our servers, such as how long you surf for, and your surfing habits.
SalisburyID=295
[Inet Delivery]
Company=Inet Delivery
Product=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Inet Delivery hijacks the start page of the Internet Explorer. It is related to the Smitfraud-C. malware.
Description=From their own description: "Our technology keeps your business continuously connected to employees and customers even when they're not on your Web site." as well as "Features include: [...]Tracking and Reporting".%0D%0AWhether your installation of this toolbar is a threat or not depends mostly on the AtHoc customer that provides your toolbar variant. The toolbar allows the customer tracking, and user information may be shared with associates for advertisement purposes. Our recommendation: keep the toolbar if you've installed it intentionally, otherwise remove it.
Threat=Tracking/Spyware (depending on implementation)
Privacy=AtHoc uses this information primarily to personalize your experience on the Web, improve service to you, monitor Website traffic generated by your use of this service, and determine appropriate fees to charge your Toolbar providers (ôAtHoc Clientsö) and Websites you visit as a result of placement on your Toolbar (ôAtHoc Affiliatesö). AtHoc may combine information it collects from you with information from other sources. AtHoc may also use the information collected to provide you with targeted marketing or promotional information, which you can choose not to receive.%0D%0AData collected by AtHoc may be provided by or distributed to the specific AtHoc Toolbar Partner who is providing the AtHoc Toolbar service for your use. Please see their privacy policies to understand their practices in handling the information collected.[...]%0D%0AAtHoc, AtHoc Clients, and AtHoc Affiliates may send you marketing or promotional offers[...]
SalisburyID=297
[Ahead Nero Burning Rom]
Company=Ahead Software AG
Product=Ahead Nero Burning Rom
Threat=Usage tracks
CompanyURL=http://www.ahead.de/
CompanyProductURL=http://www.ahead.de/
CompanyPrivacyURL=
Functionality=CD burning software.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of files and some directories you recently used.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The list of recently typed URLs and the directory last used for saving HTML files, and of course cookies and the Temporary Internet Files (cache).
EditDate=20021020
SalisburyID=300
[LogoManager]
Company=
Product=LogoManager
Threat=Usage tracks
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Program to transfer logos and ring tones to cell phones.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of files and one directory you recently used.
EditDate=20021020
SalisburyID=301
[Log]
Company=
Product=
Threat=Usage tracks
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Logs allow you to look up information about installation / setup processes.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=Logs won't be deleted, just moved to a folder inside the Spybot-S&D directory to make it more difficult for spies to automatically detect them.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and URLs and the last open directory.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Functionality=The part of Windows responsible for remote access by dialing.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The list of recently dialed phonebook entries.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files.
EditDate=20021020
SalisburyID=307
[Netscape Navigator]
Company=Netscape/AOL
Product=
Threat=
CompanyURL=http://www.netscape.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Internet browser.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The internet files cache and list of recently visited URLs.
EditDate=20021020
SalisburyID=308
[Opera]
Company=Opera Software
Product=
Threat=Usage tracks
CompanyURL=http://www.opera.com/
CompanyProductURL=http://www.opera.com/
CompanyPrivacyURL=http://www.opera.com/privacy/
Functionality=Internet browser.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and some directories, as well as the internet cache.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and some directories.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files and some directories.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The directory last used and a list of recently used files.
EditDate=20021020
SalisburyID=313
[SpruceUp]
Company=
Product=SpruceUp
Threat=Usage tracks
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=DVD authoring software.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=A list of recently used files.
EditDate=20021020
SalisburyID=314
[Virtual Dub]
Company=Avery Lee
Product=Virtual Dub
Threat=Usage tracks
CompanyURL=http://www.virtualdub.org/index
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Video editing software.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Functionality=Your Windows computer main storage browser.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The computer and document search history as well as the network map history.
EditDate=20021020
SalisburyID=316
[WinRAR]
Company=
Product=WinRAR
Threat=Usage tracks
CompanyURL=http://www.rarlab.com/
CompanyProductURL=http://www.rarlab.com/
CompanyPrivacyURL=
Functionality=File compression utility.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=Some lists of directories and recently used files.
EditDate=20021020
SalisburyID=317
[WinZip]
Company=WinZip Computing, Inc.
Product=WinZip
Threat=Usage tracks
CompanyURL=http://www.winzip.com/
CompanyProductURL=http://www.winzip.com/
CompanyPrivacyURL=
Functionality=File compression utility.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=Some lists of directories and recently used files.
Functionality=A tool for easier upload of photos to Yahoo groups.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=The list of your recent search terms using Google Toolbar.
EditDate=20021020
SalisburyID=320
[FAR Manager]
Company=
Product=FAR Manager
Threat=Usage tracks
CompanyURL=http://www.rarlab.com/
CompanyProductURL=http://www.rarlab.com/
CompanyPrivacyURL=
Functionality=File manager.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=List of recent text, file and ftp operations.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Privacy=Usage tracks allow any user with direct access to your machine to see what files you have worked on recently. If that user is you, those tracks are even a feature. There is no other harm done by usage tracks.
Description=According to Symtantec: http://securityresponse.symantec.com/avcenter/venc/data/trojan.netbuie.a.html it is a trojan horse disguised as an XBox emulator.
EditDate=20021020
SalisburyID=19
[Benjamin]
Company=
Product=Benjamin aka W32.Benjamain
Threat=Worm
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=A worm working with the P2P network KaZaA. Cloaks itself with filenames of popular downloads. If downloaded, creates a new folder in your System directory, shares it, and makes multiple copies of itself in it.
Functionality=Gets installed by opening an infected email. Once installed, it sends itself to all contacts it can gather from your address book, even email addresses found in the web site cache. Subject and contents of these mails change.
Privacy=
Description=Symantec information: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html %0D%0ASophos information: http://www.sophos.com/virusinfo/analyses/w32klezh.html %0D%0AMcAfee Information: http://vil.mcafee.com/dispVirus.asp?virus_k=99455 %0D%0ADetection finds only main files. If you find one or both Klez entries, make sure you update your antivirus software and use it to remove the worm.%0D%0AAlso, if you've got We-Blocker installed, this may be a false positive, so check with your AV first before removing it!
Functionality=Infects Win9x machines over open network shares of drive C.
Description=To make sure this is no false positive, see if 4 entries for the problem are detected. You should also use your AV to verify removal is complete.%0D%0Ahttp://www.f-secure.com/v-descs/opasoft.shtml
Functionality=Avatar Resources, owned by QTech, Ltd., an Anguilla corporation, is a marketing implementation provider and partner. It provides targeted rich-media advertising to website publishers.
Privacy=Avatar Resources. Privacy Notice%0D%0A%0D%0AEffective 01/01/2004%0D%0A%0D%0AAvatar Resources Privacy Notice Table Of Contents:%0D%0A%0D%0AOur Commitment to Privacy%0D%0AThe Information We Collect%0D%0AHow We Use Information%0D%0AOur Commitment to Data Security%0D%0AOur Commitment to Children's Privacy%0D%0AHow to Access or Correct Your Information%0D%0AHow to Contact Us%0D%0A%0D%0AOur Commitment to Privacy%0D%0A%0D%0AYour privacy is important to us. In order to insure your privacy we are providing this notice to explain our information collection practices%0D%0A%0D%0AThe Information We Collect%0D%0A%0D%0AThis notice applies to all information collected or submitted on the Avatar Resources website and the Avatar Resources contextual marketing platform. The types of personal information collected at these pages are:%0D%0A%0D%0AIP address%0D%0AURLs visited%0D%0A%0D%0AHow We Use Information%0D%0A%0D%0AThis information is only used to track website usage and target advertisements.%0D%0A%0D%0AWe use non-identifying and aggregate information to better design our website and to share with advertisers.%0D%0A%0D%0AIn order to offer our advertisers targeted advertising we need to show them the sites in the category of their target audience. No other personal information is shared.%0D%0A%0D%0APlease note: Our site may contain links to other web sites. Avatar Resources is not responsible for the privacy practices or the content of such Web sites.%0D%0A%0D%0AFinally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.%0D%0A%0D%0AOur Commitment to Data Security%0D%0A%0D%0ATo prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.%0D%0A%0D%0AOur Commitment to Children's Privacy:%0D%0A%0D%0AProtecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.%0D%0A%0D%0AHow to Contact Us%0D%0A%0D%0AShould you have other questions or concerns about these privacy policies, please send us an email at admin@avatarresources.com.
Description=after execution of ARUpdate.exe, it connects to internet and downloads AdRoar.dll%0D%0Aaffiliated with targetnet, shows their ad popups
[Delfin Project]
Product=Delfin Project
Company=
Threat=Trojan
CompanyURL=http://www.delfinproject.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program installs to the Winodws System folder against the user's will and runs on each startup causing unwanted popups.
[Virtual Grub]
Product=Virtual Grub
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=Hijacker
Functionality=
Privacy=
Description=This hijacker redirected all connections to a web site offering ring tones for cell phones.
[Trek Blue Error Nuker]
Product=Trek Blue Error Nuker
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=PLEASE READ THIS END USER LICENSE AGREEMENT ("LICENSE") CAREFULLY BEFORE CHOOSING THE "YES" OPTION BELOW. BY CHOOSING "YES" YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE. IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE, THEN TREK BLUE, INC. (HEREINAFTER COLLECTIVELY "TREK BLUE") DOES NOT CONSENT TO LICENSE THE SOFTWARE TO YOU, AND YOU SHOULD NOT USE THE SOFTWARE. BY INSTALLING, DOWNLOADING, COPYING, OR OTHERWISE USING THE SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ THESE TERMS AND CONDITIONS, UNDERSTAND THEM, AND AGREE TO BE BOUND BY THEM. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, YOU ARE NOT AUTHORIZED AND MAY NOT USE THE SOFTWARE.
Description=A popup caused by CoolWWWSearch.Aff.Winshow urges the user to download Error Nuker to free the computer from unwanted registry entries. Having downloaded the program (and accepted an insufficient privacy agreement) it will scan the system and find two or three fake entries. If the user wants to have these fixed a dialogue opens telling the user that he will have to buy the full programm for 40 Euros.
[Forbot]
Product=Forbot
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=After installation the program deletes the installer and copies itself into the System32 folder, from which it is run on each startup. Once started, the program removes some common security software (firewall, anti virus, etc.) and thus makes the system extremely vulnerable. Furthermore it tries to connect to the internet allowing a possible attacker access to the computer.%0D%0A
[Agobot]
Product=Agobot
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program installs itself into the System32 folder and in C:\. It redirects the IE start page to a dubious search page without asking the user. Also, it tries to connect to the internet all the time.
Functionality=SpywareNo pretends to be an anti-spyware tool.
Privacy=SpywareNo!%0D%0AEnd User License Agreement (EULA)%0D%0A%0D%0ANOTICE TO USER: PLEASE READ THIS CONTRACT CAREFULLY. BY USING ALL OR ANY PORTION OF THE SOFTWARE YOU ACCEPT ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT, INCLUDING, IN PARTICULAR THE LIMITATIONS ON: USE CONTAINED IN SECTION 2; TRANSFERABILITY IN SECTION 4; WARRANTY IN SECTION 6 AND 7; AND LIABILITY IN SECTION 8. YOU AGREE THAT THIS AGREEMENT IS ENFORCEABLE LIKE ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY YOU. IF YOU DO NOT AGREE, DO NOT USE THIS SOFTWARE. %0D%0A%0D%0A1. Definitions. "Software" means (a) all of the contents of the files, disk(s), CD-ROM(s) or other media with which this Agreement is provided, including but not limited to (i) SpywareNo! or third party computer information or software; (ii) digital images, stock photographs, clip art, sounds or other artistic works ("Stock Files"); (iii) related explanatory written materials or files ("Documentation"); and (iv) fonts; and (b) upgrades, modified versions, updates, additions, and copies of the Software, if any, licensed to you by SpywareNo! (collectively, "Updates"). "Use" or "Using" means to access, install, download, copy or otherwise benefit from using the functionality of the Software in accordance with the Documentation. "Permitted Number" means one (1) unless otherwise indicated under a valid license (e.g. volume license) granted by SpywareNo!. "Computer" means an electronic device that accepts information in digital or similar form and manipulates it for a specific result based on a sequence of instructions.%0D%0A%0D%0A2. Software License. As long as you comply with the terms of this End User License Agreement (the "Agreement"), SpywareNo! grants to you a non-exclusive license to Use the Software for the purposes described in the Documentation. Some third party materials included in the Software may be subject to other terms and conditions, which are typically found in a "Read Me" file located near such materials or on an appropriate website.%0D%0A2.1. General Use. You may install and Use a copy of the Software on your compatible computer, up to the Permitted Number of computers; or%0D%0A2.2. Server Use. You may install one copy of the Software on your computer file server for the purpose of downloading and installing the Software onto other computers within your internal network up to the Permitted Number or you may install one copy of the Software on a computer file server within your internal network for the sole and exclusive purpose of using the Software through commands, data or instructions (e.g. scripts) from an unlimited number of computers on your internal network. No other network use is permitted, including but not limited to, using the Software either directly or through commands, data or instructions from or to a computer not part of your internal network, for internet or web hosting services or by any user not licensed to use this copy of the Software through a valid license from SpywareNo!.%0D%0A2.3. Backup Copy. You may make one backup copy of the Software, provided your backup copy is not installed or used on any computer. You may not transfer the rights to a backup copy unless you transfer all rights in the Software as provided under Section 4.%0D%0A2.4. Home Use. You, as the primary user of the computer on which the Software is installed, may also install the Software on one of your home computers. However, the Software may not be used on your home computer at the same time the Software on the primary computer is being used.%0D%0A2.5. Stock Files. Unless stated otherwise in the "Read-Me" files associated with the Stock Files, which may include specific rights and restrictions with respect to such materials, you may display, modify, reproduce and distribute any of the Stock Files included with the Software. However, you may not distribute the Stock Files on a stand-alone basis, i.e., in circumstances in which the Stock Files constitute the primary value of the product being distributed. Stock Files may not be used in the production of libelous, defamatory, fraudulent, lewd, obscene or pornographic material or any material that infringes upon any third party intellectual property rights or in any otherwise illegal manner. You may not claim any trademark rights in the Stock Files or derivative works thereof.%0D%0A2.6. Font Software. If the Software includes font software - %0D%0A2.6.1. You may Use the font software as described above on the Permitted Number of computers and output such font software on any output devices connected to such computers. %0D%0A2.6.2. If the Permitted Number of computers is five or fewer, you may download the font software to the memory (hard disk or RAM) of one output device connected to at least one of such computers for the purpose of having such font software remain resident in the output device, and of one additional such output device for every multiple of five represented by the Permitted Number of computers. %0D%0A2.6.3. You may take a copy of the font(s) you have used for a particular file to a commercial printer or other service bureau, and such service bureau may Use the font(s) to process your file, provided such service bureau has a valid license to Use that particular font software. %0D%0A2.6.4. You may convert and install the font software into another format for use in other environments, subject to the following conditions: A computer on which the converted font software is used or installed shall be considered as one of your Permitted Number of computers. Use of the font software you have converted shall be pursuant to all the terms and conditions of this Agreement. Such converted font software may be used only for your own customary internal business or personal use and may not be distributed or transferred for any purpose, except in accordance with the Transfer section below. %0D%0A2.6.5 You may embed the font software, or outlines of the font software, into your electronic documents to the extent that the font vendor copyright owner allows for such embedding. The fonts contained in this package may contain both SpywareNo! and non-SpywareNo! owned fonts. You may fully embed any font owned by SpywareNo!. Refer to the font sample sheet or font information file to determine font ownership. See the Documentation for location and information on how to access these sheets and files.%0D%0A%0D%0A3. Intellectual Property Rights. The Software and any copies that you are authorized by SpywareNo! to make are the intellectual property of and are owned by SpywareNo! and its suppliers. The structure, organization and code of the Software are the valuable trade secrets and confidential information of SpywareNo! and its suppliers. The Software is protected by copyright, including without limitation by United Kindom Copyright Law, international treaty provisions and applicable laws in the country in which it is being used. You may not copy the Software, except as set forth in Section 2 ("Software License"). Any copies that you are permitted to make pursuant to this Agreement must contain the same copyright and other proprietary notices that appear on or in the Software. Except for font software converted to other formats as permitted in section 2.6.4, you agree not to modify, adapt or translate the Software.You also agree not to reverse engineer, decompile, disassemble or otherwise attempt to discover the source code of the Software except to the extent you may be expressly permitted to decompile under applicable law, it is essential to do so in order to achieve operability of the Software with another software program. SpywareNo! has the right to impose reasonable conditions and to request a reasonable fee before providing such information. Any information supplied by SpywareNo! or obtained by you, as permitted hereunder, may only be used by you for the purpose described herein and may not be disclosed to any third party or used to create any software which is substantially similar to the expression of the Software. Requests for information should be directed to the SpywareNo! Customer Support Department. Trademarks shall be used in accordance with accepted trademark practice, including identification of trademarks owners' names. Trademarks can only be used to identify printed output produced by the Software and such use of any trademark does not give you any rights of ownership in that trademark. Except as expressly stated above, this Agreement does not grant you any intellectual property rights in the Software. %0D%0A%0D%0A4. Transfer. You may not, rent, lease, sublicense or authorize all or any portion of the Software to be copied onto another users computer except as may be expressly permitted herein. You may, however, transfer all your rights to Use the Software to another person or legal entity provided that: (a) you also transfer each this Agreement, the Software and all other software or hardware bundled or pre-installed with the Software, including all copies, Updates and prior versions, and all copies of font software converted into other formats, to such person or entity; (b) you retain no copies, including backups and copies stored on a computer; and (c) the receiving party accepts the terms and conditions of this Agreement and any other terms and conditions upon which you legally purchased a license to the Software. Notwithstanding the foregoing, you may not transfer education, pre-release, or not for resale copies of the Software. %0D%0A%0D%0A5. Multiple Environment Software / Multiple Language Software / Dual Media Software / Multiple Copies/ Bundles / Updates. If the Software supports multiple platforms or languages, if you receive the Software on multiple media, if you otherwise receive multiple copies of the Software, or if you received the Software bundled with other software, the total number of your computers on which all versions of the Software are installed may not exceed the Permitted Number. You may not, rent, lease, sublicense, lend or transfer any versions or copies of such Software you do not Use. If the Software is an Update to a previous version of the Software, you must possess a valid license to such previous version in order to Use the Update. You may continue to Use the previous version of the Software on your computer after you receive the Update to assist you in the transition to the Update, provided that: the Update and the previous version are installed on the same computer; the previous version or copies thereof are not transferred to another party or computer unless all copies of the Update are also transferred to such party or computer; and you acknowledge that any obligation SpywareNo! may have to support the previous version of the Software may be ended upon availability of the Update. %0D%0A%0D%0A6. NO WARRANTY. The Software is being delivered to you "AS IS" and SpywareNo! makes no warranty as to its use or performance. SpywareNo! AND ITS SUPPLIERS DO NOT AND CANNOT WARRANT THE PERFORMANCE OR RESULTS YOU MAY OBTAIN BY USING THE SOFTWARE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM TO THE EXTENT TO WHICH THE SAME CANNOT OR MAY NOT BE EXCLUDED OR LIMITED BY LAW APPLICABLE TO YOU IN YOUR JURISDICTION, SpywareNo! AND ITS SUPPLIERS MAKE NO WARRANTIES CONDITIONS, REPRESENTATIONS, OR TERMS (EXPRESS OR IMPLIED WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING WITHOUT LIMITATION NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, INTEGRATION, SATISFACTORY QUALITY, OR FITNESS FOR ANY PARTICULAR PURPOSE. %0D%0A%0D%0A7. Pre-release Product Additional Terms. If the product you have received with this license is pre-commercial release or beta Software ("Pre-release Software"), then the following Section applies. To the extent that any provision in this Section is in conflict with any other term or condition in this Agreement, this Section shall supercede such other term(s) and condition(s) with respect to the Pre-release Software, but only to the extent necessary to resolve the conflict. You acknowledge that the Software is a pre-release version, does not represent final product from SpywareNo!, and may contain bugs, errors and other problems that could cause system or other failures and data loss. Consequently, the Pre-release Software is provided to you "AS-IS", and SpywareNo! disclaims any warranty or liability obligations to you of any kind. WHERE LEGALLY LIABILITY CANNOT BE EXCLUDED FOR PRE-RELEASE SOFTWARE, BUT IT MAY BE LIMITED, SpywareNo!'S LIABILITY AND THAT OF ITS SUPPLIERS SHALL BE LIMITED TO THE SUM OF FIFTY DOLLARS (U.S. $50) IN TOTAL. You acknowledge that SpywareNo! has not promised or guaranteed to you that Pre-release Software will be announced or made available to anyone in the future, that SpywareNo! has no express or implied obligation to you to announce or introduce the Pre-release Software and that SpywareNo! may not introduce a product similar to or compatible with the Pre-release Software. Accordingly, you acknowledge that any research or development that you perform regarding the Pre-release Software or any product associated with the Pre-release Software is done entirely at your own risk. During the term of this Agreement, if requested by SpywareNo!, you will provide feedback to SpywareNo! regarding testing and use of the Pre-release Software, including error or bug reports. If you have been provided the Pre-release Software pursuant to a separate written agreement, such as the SpywareNo! Serial Agreement for Unreleased Products, your use of the Software is also governed by such agreement. You agree that you may not and certify that you will not sublicense, lease, loan, rent, or transfer the Pre-release Software. Upon receipt of a later unreleased version of the Pre-release Software or release by SpywareNo! of a publicly released commercial version of the Software, whether as a stand-alone product or as part of a larger product, you agree to return or destroy all earlier Pre-release Software received from SpywareNo! and to abide by the terms of the End User License Agreement for any such later versions of the Pre-release Software. Notwithstanding anything in this Section to the contrary, if you are located outside the United States of America, you agree that you will return or destroy all unreleased versions of the Pre-release Software within thirty (30) days of the completion of your testing of the Software when such date is earlier than the date for SpywareNo!'s first commercial shipment of the publicly released (commercial) Software.%0D%0A%0D%0A8. LIMITATION OF LIABILITY. IN NO EVENT WILL SpywareNo! OR ITS SUPPLIERS BE LIABLE TO YOU FOR ANY DAMAGES, CLAIMS OR COSTS WHATSOEVER OR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL DAMAGES, OR ANY LOST PROFITS OR LOST SAVINGS, EVEN IF AN SpywareNo! REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS, DAMAGES, CLAIMS OR COSTS OR FOR ANY CLAIM BY ANY THIRD PARTY. THE FOREGOING LIMITATIONS AND EXCLUSIONS APPLY TO THE EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION. SpywareNo!'S AGGREGATE LIABILITY AND THAT OF ITS SUPPLIERS UNDER OR IN CONNECTION WITH THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID FOR THE SOFTWARE, IF ANY. Nothing contained in this Agreement limits SpywareNo!'s liability to you in the event of death or personal injury resulting from SpywareNo!'s negligence or for the tort of deceit (fraud). SpywareNo! is acting on behalf of its suppliers for the purpose of disclaiming, excluding and/or limiting obligations, warranties and liability as provided in this Agreement, but in no other respects and for no other purpose. For further information, please see the jurisdiction specific information at the end of this Agreement, if any, or contact SpywareNo!'s Customer Support Department.%0D%0A%0D%0A9. Export Rules. You agree that the Software will not be shipped, transferred or exported into any country or used in any manner prohibited by the United States Export Administration Act or any other export laws, restrictions or regulations (collectively the "Export Laws"). In addition, if the Software is identified as export controlled items under the Export Laws, you represent and warrant that you are not a citizen, or otherwise located within, an embargoed nation (including without limitation Iran, Iraq, Syria, Sudan, Libya, Cuba, North Korea, and Serbia) and that you are not otherwise prohibited under the Export Laws from receiving the Software. All rights to Use the Software are granted on condition that such rights are forfeited if you fail to comply with the terms of this Agreement.%0D%0A%0D%0A10. Governing Law. This Agreement will be governed by and construed in accordance with the substantive laws in force in the United Kindom of Great Britain. The respective courts of London, Great Britain shall have non-exclusive jurisdiction over all disputes relating to this Agreement. This Agreement will not be governed by the conflict of law rules of any jurisdiction or the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. %0D%0A%0D%0A11. General Provisions. If any part of this Agreement is found void and unenforceable, it will not affect the validity of the balance of the Agreement, which shall remain valid and enforceable according to its terms. This Agreement shall not prejudice the statutory rights of any party dealing as a consumer. This Agreement may only be modified by a writing signed by an authorized officer of SpywareNo!. Updates may be licensed to you by SpywareNo! with additional or different terms. This is the entire agreement between SpywareNo! and you relating to the Software and it supersedes any prior representations, discussions, undertakings, communications or advertising relating to the Software. %0D%0A%0D%0A12. Notice to U.S. Government End Users. The Software and Documentation are "Commercial Items," as that term is defined at 48 C.F.R. º2.101, consisting of "Commercial Computer Software" and "Commercial Computer Software Documentation," as such terms are used in 48 C.F.R. º12.212 or 48 C.F.R. º227.7202, as applicable. Consistent with 48 C.F.R. º12.212 or 48 C.F.R. ºº227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished-rights reserved under the copyright laws of the United States. SpywareNo!. For U.S. Government End Users, SpywareNo! agrees to comply with all applicable equal opportunity laws including, if appropriate, the provisions of Executive Order 11246, as amended, Section 402 of the Vietnam Era Veterans Readjustment Assistance Act of 1974 (38 USC 4212), and Section 503 of the Rehabilitation Act of 1973, as amended, and the regulations at 41 CFR Parts 60-1 through 60-60, 60-250, and 60-741. The affirmative action clause and regulations contained in the preceding sentence shall be incorporated by reference in this Agreement.%0D%0A%0D%0A13. Compliance with Licenses. If you are a business or organisation, you agree that upon request from SpywareNo! or SpywareNo!'s authorised representative, you will within thirty (30) days fully document and certify that use of any and all SpywareNo! Software at the time of the request is in conformity with your valid licenses from SpywareNo!.%0D%0A%0D%0AIf you have any questions regarding this Agreement or if you wish to request any information from SpywareNo! please use the address and contact information included with this product to contact the SpywareNo! office serving your jurisdiction. %0D%0A%0D%0ASpywareNo! is either registered trademark or trademark of SpywareNo! in the United Kindom of Great Britain and/or other countries.
Description=On the program's web site the user "learns" horrifying stories about computers, espionnage, etc. thus urging the user to install SpywareNo. Having downloaded the program it installs to "c:\program files" (without letting the user change that directory), scans the computer viruses and finds some fake viruses which the user cannot remove with the (free) test version. Instead it offers to buy the full program for 20 Euros or to order a 3-day test. With this 3-day test one can remove the alleged viruses, however, after a certain time there are pop ups reporting that the computer is infected by some viruses that cannot be removed with the 3-day test.%0D%0AFurthermore, the program refers to a EULA the user has to agree with during installation, without the EULA being accessible. In order to read the EULA one has to go to the web site.
[Microsoft.WindowsSecurityCenter]
Product=Windows Security Center
Company=Microsoft
Threat=Changed Security Center Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.
Privacy=
Description=
[Microsoft.WindowsSecurityCenter.SP2Update]
Product=Windows Security Center
Company=Microsoft
Threat=Changed Security Center Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.%0D%0A%0D%0A"Windows Security Center.SP2Update", if this is found the automatic Update to Service Pack 2 is excluded from normal windowsupdate
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.%0D%0A%0D%0A%0D%0A"Windows Security Center.UpdateDisableNotify" , if this is found, the Security Center does not notify about updates
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.%0D%0A%0D%0A%0D%0A"Windows Security Center.AntiVirusOverride" , if this is found, the Security Center does not monitor the antivirus-protection
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.%0D%0A%0D%0A"Windows Security Center.AntiVirusDisableNotify" , if this is found, the Security Center does not notify about the antivirussoftware.%0D%0AThis could have been disabled by your antivirussoftware to avoid double notifications. If your antivirussoftware is up and running , you can ignore this detection.
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.%0D%0A%0D%0A"Windows Security Center.FirewallOverride" , if this is found, the Security Center does not monitor the personal firewall
Functionality=This entry only wants to bring to your attention that "someone" has disabled one or more notifications in the Windows security center.%0D%0AIf youÆve changed the settings yourself you can safely tell Spybot to exclude those detections from further searches. In order to do this please right click on each in turn, then click "exclude this detection from future searches". That way, should any other part of security center settings change Spybot will still detect those. For more information please visit our forum linked above.%0D%0A%0D%0A"Windows Security Center.FirewallDisableNotify" , if this is found, the Security Center does not notify about the firewall.%0D%0AThis could have been disabled by your personal firewall to avoid double messages. If your personal firewall is up and running, you can ignore this detection
Privacy=
Description=
[Desktop.DisplayProperties]
Product=Desktop.DisplayProperties
Company=Microsoft
Threat=Display Menu Options
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Changes to these Items may hide tabs in the display properties menu. This can be caused by the use of TweakUI, manually or by other software.%0D%0APlease ignore this product from further searches if you used a tool like TweakUI.%0D%0AIf you are missing tabs in the display properties menu and don't know why, you should let spybot fix it to restore the menu tabs.
Privacy=
Description=
[Microsoft.Windows.ActiveDesktop]
Product=Windows.ActiveDesktop
Company=Microsoft
Threat=Changed Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Registry changes about the activedesktop.%0D%0AIf this Item is beeing found, it does not necessarily mean an infection.%0D%0ASome Malware like CWS and Smitfraud variants change these settings. %0D%0AIt is also possible that these settings have been changed by an administrator (if you have one) or by a legitimate software
Privacy=
Description=These settings can normally not be reversed via the normal Windows User Interface.%0D%0ASome settings pose security risks and some are just annoyances.%0D%0AAlso , some settings are redundant, meaning that they can be changed at various positions in the registry thus changing one value may not be enough.
[Microsoft.Windows.Explorer]
Product=Windows.Explorer
Company=Microsoft
Threat=Changed Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Registry changes about the Windows Explorer.%0D%0AIf this Item is beeing found, it does not necessarily mean an infection.%0D%0ASome Malware like CWS and Smitfraud variants change these settings. %0D%0AIt is also possible that these settings have been changed by an administrator (if you have one) or by a legitimate software.%0D%0A%0D%0AChanges to the Windows Explorer Settings include activation of the Activedesktop, Controlpanel, Taskbar, Folders and Files
Privacy=
Description=These settings can normally not be reversed via the normal Windows User Interface.%0D%0ASome settings pose security risks and some are just annoyances.%0D%0AAlso, some settings are redundant, meaning that they can be changed at various positions in the registry thus changing one value may not be enough.
[Microsoft.Windows.System]
Product=Windows.System
Company=Microsoft
Threat=Changed Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Registry changes about the Windows System.%0D%0AIf this Item is beeing found, it does not necessarily mean an infection.%0D%0ASome Malware like CWS and Smitfraud variants change these settings. %0D%0AIt is also possible that these settings have been changed by an administrator (if you have one) or by a legitimate software.%0D%0A%0D%0AWindows System Registry changes include Displaysettingmenus and Controlpanel
Privacy=
Description=These Settings can normally not be reversed via the normal Windows User Interface.%0D%0ASome settings pose security risks and some are just annoyances.%0D%0AAlso, some settings are redundant, meaning that they can be changed at various positions in the registry thus changing one value may not be enough.
[SpySpotter]
Product=SpySpotter
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The programs pretends to be an anti spyware solution. However, it installs itself without user consent. When running a scan it will find several alleged viruses and ask the user to buy the full program in order to remove these.
[SpyCut]
Product=SpyCut
Company=
Threat=Trojan
CompanyURL=http://www.spycut.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=same as HitVirus and Spyware Disinfector%0D%0Ainstalls cookies just to detect them, also detects personalfirewall as threat%0D%0A
[PestWiper]
Product=PestWiper
Company=SpywareNo
Threat=Trojan
CompanyURL=http://www.spywareno.com/
CompanyProductURL=http://www.pestwiper.com/
CompanyPrivacyURL=
Functionality=supposed to be an antispyare software
Privacy=
Description=badly coded and currently trial version not available,%0D%0Asame as BraveSentry, Pestrap, SpyDemolisher, Spysheriff, SpyTrooper,
%0D%0ASpywareNo and Spyware-Stop%0D%0A%0D%0Anetinstaller is always modified to avoid dectection
[Cbit-Solutions.PlayGames]
Product=Cbit-Solutions.PlayGames
Company=CBIT Solutions Ltd
Threat=Dialer
CompanyURL=http://www.cbit-solutions.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=content dialer
Privacy=not stated
Description=illegal content dialer, gets installed by trojans and other malware, runs in background%0D%0Awebsite is registered through whoisprivacyprotect.com which is a fraud, it is a cheap searchwebsite showing poupunders, maybe also popups
[Jupilites]
Product=Jupilites
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated, poses to be some Microsoft files or pictures
Privacy=
Description=connects to jupitersatellites website without screendisplay nor asking for permission%0D%0Acopies files mspostsp.exe and msupdate32.dll to systemdirectory%0D%0Aalso uses the WMF exploit to get executed through displaying of pictures on unpatched windows computers.
Also able to block serucritysoftware websites via hostsfile to prevent securitysoftware from updating.
[WorldAntiSpy]
Product=WorldAntiSpy
Company=SilverBay Management LTD
Threat=Trojan
CompanyURL=
CompanyProductURL=http://www.worldantispy.com/
CompanyPrivacyURL=not stated
Functionality=poses as an antispyware which can find "uknown" threads
Privacy=
Description=agressive, deceptice advertising, advertised through hijacker.%0D%0Awebsite lists SilverBay Management ltd. als company, but domain is registered to Distant World ltd. which has a yahoo.com email adress for contact.%0D%0Aobviously uses the word "uknown" intentionally%0D%0A%0D%0Ainstalls itself to Autostart and Systemstart%0D%0A%0D%0Aconnects withoutnotice to www.worldantispy.com and transmits statistical data.%0D%0A%0D%0Apopup after scanresult with fake thread found%0D%0Amain window shows another fake thread.
[ISearchTech.ISTactiveX]
Product=ISearchTech.ISTactiveX
Company=ISearch Technologies
Threat=Malware
CompanyURL=http://isearchtech.com/
CompanyProductURL=
CompanyPrivacyURL=not stated
Functionality=not stated
Privacy=not stated
Description=ISearchTech.ISTactiveX belongs to ISearch Technologies, it registers ClsIDs, related to activeX items from ISearchTechnologies.
Functionality=What is BullsEye?%0D%0A%0D%0ABullsEye is eXact Advertising's contextual marketing software product that delivers relevant coupons and offers to users- in clearly marked separate windows- at a time when they are most likely to be receptive to receiving them. BullsEyeÆs goal is to deliver you the offers you want, when you want them. Millions of users currently use BullsEye, saving themselves hundreds of dollars a year. It is commonly distributed along with popular consumer download applications as a means of keeping them free to the public. Millions of users currently use BullsEye, saving themselves hundreds of dollars a year.%0D%0A%0D%0AYou probably downloaded BullsEye along with a free software program you downloaded on the Internet. To keep these programs free to users, the publishers have to earn some type of revenue stream to stay in business. The publishers include BullsEye with their program to keep them free, instead of charging the users a fee for use of the product.%0D%0A%0D%0AUsers get BullsEye only when they consent to downloading it and are always clearly notified before BullsEye is installed. Each BullsEye user accepts an end user license agreement (EULA) upon download.%0D%0A%0D%0ABullsEye shows only very selective, relevant offers - the average is two offers per user per day. For example, a user searching for "wireless plans" at a search engine may receive a special offer or coupon from a wireless service provider. If you are searching for, or visiting websites related to, "tropical cruises", you may receive a special offer for "20% Off of Caribbean Cruises" from one of our advertisers.%0D%0A%0D%0AAll BullsEye offers are clearly identified as either BullsEye or BullsEye Network offers, and appear in an independent browser window to indicate that the offers are not associated with any websites the user may be viewing in a different window. This window is always outside any other windows that the user may be using to view sites or conduct other Internet activities.%0D%0A%0D%0ABullsEye uses proprietary, privacy-protecting technology that applies an ad-selection logic directly to Internet elements that the user has chosen to have on their desktop at that moment, such as words, URLs, search terms, etc.%0D%0A%0D%0ABullsEye is very easy to uninstall. It can easily be found in the Programs folder of a user's machine with a full set of uninstall instructions. Simply go to your control panel; click on ôAdd/Remove Programsö; click on ôBullsEyeö in the list of programs; and click ôRemoveö.%0D%0A%0D%0ABullsEye protects user privacy. BullsEye does not track user. BullsEye uses proprietary, privacy-protecting technology that is based on real-time Internet elements - NOT on user information. Please review eXact AdvertisingÆs Privacy Policy.%0D%0A%0D%0AWhat BullsEye is NOT%0D%0A%0D%0ABullsEye is NOT spy-ware.%0D%0A%0D%0ABullsEye is an advertisement delivery system (ADS) for relevant coupons and offers, NOT spy-ware. There are very important differences between ADS and spy-ware:%0D%0A%0D%0AADS is legitimate product that clearly discloses its presence and what it does during the installation process. It also supports many popular download programs so that they can continue to be offered free to users. In addition, BullsEye serves ads that are clearly identified as a third party offer, protects user privacy, does not track user surfing habits, and is simple to uninstall.%0D%0A%0D%0AConversely, spy-ware does not adequately disclose its presence to users during the installation process and adds little or no value to the user experience. In addition, it is extremely difficult for the average user to identify. If it shows ads, they are not branded and origins are unclear. Most importantly, spy-ware tracks user click-stream and surfing habits, and reports them to a central server where they are stored.%0D%0A%0D%0ABullsEye doesn't use a lot of bandwidth or memory on a users PC. It shares memory (RAM) with your Internet Explorer browser, and uses very little additional memory beyond that needed for your browser. Little bandwidth is used since there is no persistent communication between a users desktop and eXact's servers and since BullsEye does NOT track where individual users go and what users do online.
Privacy=BullsEye protects and respects your privacy. We collect no personally identifiable information about you or your surfing habits.
Description=Bulls Eye is very pesistent. When downloaded, the software automatically installs itself without user consent!%0D%0AThe executeables nls.exe (NaviSearch), bargains.exe (BargainsBuddy) and cashback.exe (Cashback) are launched and connect to internet immediately.%0D%0AThey are also entered into autorun and hooked to windows explorer and will be launched when the Windows Explorer is used , for example if the user navigates through folders.%0D%0AThe sites it connects to include:%0D%0Aadpopper.outblaze.com %0D%0Adownload2.us4.outblaze.com
[Vcodec.eMedia]
Product=Vcodec.eMedia
Company=EMEDIACODEC
Threat=Malware
CompanyURL=http://www.emediacodec.com/
CompanyProductURL=http://www.emediacodec.com/
CompanyPrivacyURL=
Functionality="eMedia Codec" aka "Stream Video Codec" is a multimedia compressor / decompressor.
Privacy=SOFTWARE INSTALLATION: Components bundled with our software may report to Licensor and/or its affiliates the installation status of certain marketing offers, such as toolbars, and also generalized installation information, such as language preference and operating system version, to assist Licensor in its product development. No personal information will be communicated to EMEDIACODECSOFTWARE or its affiliates during this process. Licensor may offer additional components through our version checking/update system. These components include: Toolbar, Popup advertising solution, Commercial homepage manager, Commercial messenger.
Description=Malware downloader. Installs Malware like SpyGuard, WinFixer, WinAntiVirus Pro,...
Functionality=Hit Virus is the most technologically advanced Anti-Spyware tool on the Web today.
Privacy=
Description=Dubious antispyware product. Generates false positives. Same Product as AdwarePunisher, HitSpy, RemedyAntiSpy, SpyiBlock, SystemStable, The SpyGuard, ...
[AP.SystemStable]
Product=AP.SystemStable
Company=ATLANTIC PRIMERA S.A.
Threat=PUPS
CompanyURL=http://www.systemstable.com/
CompanyProductURL=http://www.systemstable.com/
CompanyPrivacyURL=
Functionality=AP.SystemStable Scanner scans the registry, memory, all files and folders where spyware could hide and run automatically.
Privacy=
Description=Dubious antispyware product. Generates false positives. Same Product as AdwarePunisher, HitSpy, RemedyAntiSpy, SpyiBlock, The SpyGuard, ...
[SpyAxe]
Product=SpyAxe
Company=SpyAxe
Threat=PUPS
CompanyURL=http://www.spyaxe.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Spyware detection utility that nags the user to purchase.
Privacy=
Description=Nags the user to purchase. Registry keys, an executable program and a library remain in memory and harddisc when unistalled.
[KillSec]
Product=KillSec
Company=N/A
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=N/A
Privacy=N/A
Description=It installs a service and creates autorun entries which run automatically on every system startup. It collects passwords and usernames of banking pages ad send it periodically to a server. It contatcs http://85.249.22.240. It downloads additional data from that server. The original file is deleted after execution but creates a copy in the profile folder of the current user. Also it deletes the files of the internet explorer cache. It hides its own files an registry keys. It infects the exporer.exe but after restart explorer.exe is fine again.
[CoolWWWSearch.Feat2Installer]
Product=CoolWWWSearch.Feat2Installer
Company=CoolWWWSearch
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=not stated
Description=installs through security holes or through trojans.%0D%0Adownloads executables and updates for the CoolWWWSearch Hijacker, like resource files, advertising and other trojans, also hides files in ADS
[CoolWWWSearch.Service]
Product=CoolWWWSearch.Service
Company=CoolWWWSearch
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=not stated
Description=gets installed by the CoolWWWSearch.Feat2Installer, runs in background to start and maintain the hijacker.%0D%0Arestores files from hidden ADS when they get deleted or removed. also restarts the Feat2Installer for updates.
[CoolWWWSearch.Feat2DLL]
Product=CoolWWWSearch.Feat2DLL
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=not stated
Description=modyfied with every update, also hidden in ADS, used as basis for hijacking the browser and the desktop%0D%0Ashows popups and aggressive advertising
[SpyFalcon]
Product=SpyFalcon
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=%0D%0Afinds nonexistent threats to make the user buy the software. EULA is insufficient.%0D%0AUninstaller only removes icons, it does not work. common fraud
[SpywareStrike]
Product=SpywareStrike
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=%0D%0Agets installed via Smitfraud-C. infection. finds nonexistent threats to make the user pay for removal.%0D%0A
[Anti-Virus-Pro]
Product=Anti-Virus-Pro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antivirus software
Privacy=
Description=finds nonexistent virusinfection to make the user buy the software. common fraud
[AdwareSpy]
Product=AdwareSpy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=finds non existent threads to make the user buy the software
Functionality=Remedy Antispy is an award winning Anti-Spyware Software created by Nelroy LTD.
Privacy=
Description=Dubious antispyware product. Generates false positives. Same Product as AdwareBazooka, AdwarePunisher, HitSpy, SpyiBlock, SystemStable, The SpyGuard, ... The company Nelroy LTD is also creator of ADWareBazooka, AdwarePunisher, ...
[UnSpyPC]
Product=UnSpyPC
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=shows intentional false positives on clean computers (it makes the entries and then detects them) to make user buy the full version of the software, aggressive, deceptive advertising.%0D%0Aassociated with other fraud antispyware software%0D%0Aalso installs without user consent.
[WinHound]
Product=WinHound
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=Samples. %0D%0AThe Software Product may be provided with certain "Samples" intended to demonstrate use of the Software Product or provide a base starting point for use of the Software Product. Samples include macros, clip libraries, syntax definition files, or similar items%0D%0AIf Samples are provided, they are considered part of the Software Product for purposes of this EULA. However, you may use and create derivative works from Samples, provided that you do so in conjunction with your use of the Software Product, and that you maintain any copyright notices that may be incorporated within the Samples.%0D%0A
Description=aggressively advertised on suspicous websites with popups.%0D%0Ainsufficent eula in which the installation of "samples" is mentioned%0D%0Adeceptive software aimed at making the user buy the software through a fraud.
[AdwarePunisher]
Product=AdwarePunisher
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=the software is beeing advertised with several rougue antispywareproducts. Adware Punisher finds nonexistent threats on a clean computer to make the user pay for the software.
[SpyContra]
Product=SpyContra
Company=SpyContra.com
Threat=Malware
CompanyURL=http://www.spycontra.com/
CompanyProductURL=http://www.spycontra.com/
CompanyPrivacyURL=
Functionality=
Privacy=This Software pretends to be an antispywareproduct. Durring installation viruses get installed along, which will be found by the program. It will not remove the threats until it has been purchased.
[Innovagest2000.XSRemover]
Product=Innovagest2000.XSRemover
Company=Innovagest 2000 ltd
Threat=Trojan
CompanyURL=http://www.innovagest2000.com/
CompanyProductURL=http://www.xsremover.com/
CompanyPrivacyURL=
Functionality=supposed to be one of the many antispyware solutions by innovagest 2000
Privacy=none stated
Description=rouge/suspect antispyware software aimed scaring users to pay for the software, same application as 1stAntivirus, Killspy , Spycontra & SpyDeface
[Innovagest2000.1stAntiVirus]
Product=Innovagest2000.1stAntiVirus
Company=Innovagest 2000 ltd
Threat=Trojan
CompanyURL=http://www.innovagest2000.com/
CompanyProductURL=http://www.1stantivirus.com/
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=%0D%0A"In order to provide you with interactive computer billing services, 1stAntiVirus collects, uses, and shares certain information about you. This policy explains what we collect, with whom we share it, and how you can interact with 1stAntiVirus in order to ensure the accuracy of the data we collect, use, and share."%0D%0A%0D%0A"1stAntiVirus receives and stores all information that you enter on our website and our billing pages. These include a) credit card sign-up page: the URL you are purchasing goods or services from, your e-mail address, your language preference, your credit card number, its expiration date, your first name, your last name, your zip, your country, and your agreement to be bound by 1stAntiVirus's terms and conditions; You are obligated to provide 1stAntiVirus with accurate and up-to-date information, and failure to provide 1stAntiVirus with such information could void any Agreement between you and 1stAntiVirus. We use the information that you provide for such purposes as processing your purchase request, responding to customer service inquiries, loss prevention, improving our service, communicating with you, and allowing our clients to provide customer service and fulfill their obligations to you. "
Description=like all others from innovagest2000 this software is meant to be a fraud to gain money without any real working antispyware software.%0D%0A%0D%0Ashows fake entries after scan, agressively makes the user buy the software, %0D%0A%0D%0Ashares users personal data with not specified clients
[SpyGuard]
Company=
Product=SpyGuard
Threat=Malware
CompanyURL=http://thespyguard.com
CompanyProductURL=http://thespyguard.com
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Dubious antispyware product. Generates false positives to make user buy the software
Functionality=Spy iBlock is supposed to be an award winning Anti-Spyware Software.
Privacy=
Description=Dubious antispyware product. Generates false positives to make user buy the software. Same Product as AdwarePunisher, HitSpy, RemedyAntiSpy, SystemStable, The SpyGuard, ... Made by the same company who designed HitVirus.
[SpywareXP]
Product=SpywareXP
Company=Mandel Software
Threat=Trojan
CompanyURL=http://mandelprivatewhois.com/
CompanyProductURL=http://www.spywarexp.com/
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=none stated
Description=productwebsite state software as SpywareXP, after install it is named Spyware Remover, updates are beeing downloaded from spywareremoval.ws which is not registered by Mandel Software.%0D%0A%0D%0Apopup after scan, to make user buy the software. scanresult is questionable.%0D%0A%0D%0Adomain is registered over domains by proxy which is common for deceptions%0D%0A%0D%0Arelated to alertspy.com
[SpywareQuake]
Product=SpywareQuake
Company=SpywareQuake inc
Threat=Trojan
CompanyURL=http://www.spywarequake.com/
CompanyProductURL=http://www.spywarequake.com/
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software.
Privacy=irrelevant
Description=Official demoversion appears to install normally but finds a lot of false positives, most likely intentional to make user buy the full product.%0D%0A%0D%0AStealthinstall version gets installed with Vcodec/ Zlob, also capable of reinstall via winlogon hijack and viruswarning popup.%0D%0A%0D%0A
[Vcodec]
Company=
Product=Vcodec
Threat=Malware
CompanyURL=
CompanyProductURL=http://www.vcodec.com/
CompanyPrivacyURL=
Functionality=VCodec is new generation multimedia compressor/decompressor which registers into the Windows collection of multimedia drivers.
Privacy=SOFTWARE INSTALLATION: Components bundled with our software may report to Licensor and/or its affiliates the installation status of certain marketing offers, such as toolbars, and also generalized installation information, such as language preference and operating system version, to assist Licensor in its product development. No personal information will be communicated to VIDEOCODECSOFTWARE or its affiliates during this process. Licensor may offer additional components through our version checking/update system. These components include: Toolbar, Popup advertising solution, Commercial homepage manager, Commercial messenger.
Description=Malware Downloader. Changes Zonemaps. Installs Malware like SpyAxe, PSGuard, AV-Gold and Smitfraud-C.
[Innovagest2000.SpyDeface]
Product=Innovagest2000.SpyDeface
Company=Innovagest2000
Threat=Trojan
CompanyURL=http://www.innovagest2000.com/
CompanyProductURL=http://www.spydeface.com/
CompanyPrivacyURL=
Functionality=supposed to be an legit antispyware software
Privacy=
Description=finds non existent threats on a clean computer, tries to make the user buy the full version of the software using fraud.
[DLUCA-M]
Product=DLUCA-M
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as part of Service Pack 2 for WindowsXP
Privacy=
Description=It creates an autorun entry and creates the file sp2ctr.exe and dxvid.exe in Windows system directory.
[TrojanDownloader.Small.fo]
Product=TrojanDownloader.Small.fo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloader connects to the internet and downloads msldf.exe and xwxload.exe
[Euniverse]
Product=Euniverse
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as windows updater wiht file name wupdater.exe
Privacy=
Description=Euniverse connects to the internet without giving the user a possibility to cancel that process.
[SpyBanker]
Product=SpyBanker
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyBanker creates autorun entries to be loaded on every start up. It connects without user┤s permission to bestworldgirls-for-u.net and sends information to it. It collects banking passwords/TANs from mostly german online-banking pages.
[YazzleSudoku]
Product=YazzleSudoku
Company=Yazzle
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Is installed silently from download trojans, it is an ad supported Sudoku game. It installs the adware by running the program.
[Smitfraud-C.]
Product=Smitfraud-C.
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program installs itself through the internet and creates new desktop wallpaper. This wallpaper looks like a Windows 98 blue screen and contains a warning that the computer is infected with viruses, that one should download run a virus scanner and that the computer wouldn't work in normal mode. In addition to this one gets a desktop icon leading to a pretended anti virus application named PSGuard. Scanning the computer with this software will return a virus found (that was installed by this software itself). In order to remove this virus one has to download the full version for about 20 EUR.%0D%0A%0D%0AAnother unpleasant effect of Smitfraud-C. is that some configuration options in the Control Panel will no longer be available. This way it stops the user from changing the wallpaper and forces him to keep the blue screen. Overall Smitfraud-C is a very sneaky software trying to sell PSGuard by frightening less experienced users.
[Deskwizz]
Product=Deskwizz
Company=Deskwizz
Threat=Malware
CompanyURL=apps.deskwizz.com
CompanyProductURL=apps.deskwizz.com
CompanyPrivacyURL=N/A
Functionality=N/A
Privacy=N/A
Description=It creates autorun entries, connects randomized and every time when the user opens an IE window without user┤s permission to apps.deskwizz.com (193.189.93.14), shows popups, downloads malware like Winfixer
[Goldun]
Product=Goldun
Company=N/A
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=N/A
Privacy=N/A
Description=It installs a service and autorun entries which load every startup. It creates nkunpack.dll and nukfs.sys and hides it in the from Windows API so you cannot see the files. It connects to the internet without user┤s permission.%0D%0ARun Spybot in Safe-Mode to delete this threat.
[Network Monitor]
Product=Network Monitor
Company=N/A
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=N/A
Privacy=N/A
Description=Gets installed through the command service. Is installed without user┤s permission as service and runs in the background. Creates domains.txt and log.txt
[Freeze]
Product=Freeze
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=%0D%0Acompany provides screensavers and ringtones
Privacy=
Description=during installation WhenU gets installed too. personal userdata gets transfered through the internet
[007 Spy Software]
Product=007 Spy Software
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description="007 Spy Software" is a commercial program which empowers its user to spy a computer/another user. It logs any activities: visited websites, any keystrokes, files used, etc.. In addition it creates and saves screenshots of any activity. That way the user is heavily spied.%0D%0A%0D%0AThe program can be hidden and started by a user-defined hotkey.
[Haxdoor.gx]
Product=Haxdoor.gx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=svcsys.dll is installed into the Windows\system32 directory, explorer is shut down few seconds after installing and also after restarting (the explorer and also after restarting the computer).
[Win32.Swizzor.dd]
Product=Win32.Swizzor.dd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=downloads C2.lop (Hijacker) and Media Access (Hijacker), runs two connections with the IE in background. These get restarted after few seconds when closed.
[ErrorSafe]
Product=ErrorSafe
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ErrorSafe pretends to be an antivirus programm. It mainly appears in connection with a Smitfraud-C infection and is praised on a blue screen. Having installed the software one has to accept an insufficient Privacy. There is no button to deny this privacy. A scan with ErrorSafe reveals several problems that allegedly need to be removed urgently in order to rescue the computer. At this point the user is requested to buy the whole program for an unacceptable price.
[Win32.Agent.pj]
Product=Win32.Agent.pj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads a lot of stuff, mostly some VisualBasic files. A webserver is installed on the System, which is misused as spyware.
[Win32.Tiny.ac]
Product=Win32.Tiny.ac
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=installs mspostsp.exe and msupdate32.dll into System32 directory, operates in background
[CarpeDiem Vars]
Product=CarpeDiem Vars
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This dialer establishes an expensive 0190 connection.
[eGroup.InstantAccess]
Product=eGroup.InstantAccess
Company=E-Group
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs an ActiveX application, creates URL - links on the desktop to a paying service for internet pages with porn content
[Zlob.Downloader]
Company=
Product=Zlob.Downloader
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Malware Downloader
Privacy=
Description=Trojan, which downloads and install various third-party spyware and malware to infected computers: SpyAxe, SpywareStrike, SpyTrooper, Vcodec, ...
[SunStarCasino.Kasinos]
Product=SunStarCasino.Kasinos
Company=Sun Star Casino Ldt
Threat=PUPS
CompanyURL=http://www.sunstarcasino.net/
CompanyProductURL=http://www.sunstarcasino.net/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Sunstarcasino.net promotes their installer with spam mails. The subject in their mails is something like "Rechtsabteilung", Important bill", "Legal department" etc. and so misleads and fools the user.
[SunStarCasino.PlaystarPoker]
Product=SunStarCasino.PlaystarPoker
Company=Sun Star Casino Ldt
Threat=PUPS
CompanyURL=http://www.sunstarcasino.net/
CompanyProductURL=http://www.playstarpoker.net/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Sunstarcasino.net promotes their installer with spam mails. The subject in their mails is something like "Rechtsabteilung", Important bill", "Legal department" etc. and so misleads and fools the user.
[Appwizz]
Product=Appwizz
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs a BHO and collects information about your computer (like windows version, your current IP), in a text file in your system directory (info.txt). It connects without user┤s permission to the internet
[Tibs.vq]
Product=Tibs.vq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads a lot of files, which are known as malware or spyware, such as killsec, smitfraud, spysheriff etc. Several .exe files are running in background, few connections to the internet are open. Port 1035 is generally opened for TCP/IP.
[Sfonditalia]
Product=Sfonditalia
Company=
Threat=Dialer
CompanyURL=http://www.sfonditalia.biz
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Attenzione!!! il contenuto che segue Φ vietato ai minori di 18 anniproseguendo dichiari di essere maggiorenne. Clicca no per l'accesso di30 minuti al costo di quindici euro.Avrai successivamente lapossibilitα di convertirlo in un accesso di 24 ore. Cliccando si invecepotrai entrare con una connessione a tempo al costo di trecentoeurocent al minuto.Per chiudere il programma componi alt+f4. Inoltre il softwareti darα la possibilitα di partecipare a strepitosi sondaggidove potrai esprimere la tua preferenza.
Description=It's an illegal contentdialer.
[WhenU.SaveNow]
Product=WhenU.SaveNow
Company=WhenU.com, Inc.
Threat=PUPS
CompanyURL=http://www.whenu.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to show advertising without spying or frauding the user. Acts as sponsor for adsupported freeware.
Privacy=By downloading SaveNow (the "Software"), you give permission to WhenU.com, Inc. ("WhenU") to display relevant contextual pop-up ads, comparison shopping results and coupons. The Software selects which ads and offers to show you based on several factors, including: Web pages you visit, terms you enter into search engines and other online forms, content of the Web pages you view and your IP address and zip code.%0D%0A%0D%0AThe Software protects your privacy by uploading a database of content in small chunks to your desktop and then determining on your desktop whether to retrieve information from WhenU or third-party servers. To protect your privacy, the same database of content is sent to all desktops. Decisions regarding which ads to retrieve to an individual desktop are all processed on the individual user's desktop - and isolated from WhenU servers. In this way, WhenU is able to deliver to you relevant coupons, information and advertisements without sending all of your browsing activity back to WhenU and without establishing any profile about you (even anonymously) on WhenU servers.%0D%0A%0D%0AYour privacy is also protected in the following manner:%0D%0A%0D%0A%0D%0AYour personally-identifiable information is not required in order to use the Software. WhenU does not know your individual identity and does not attempt to discern it in any way.%0D%0AAs you surf the Internet, your "clickstream data" (i.e. a log of all the sites you visit) is not transmitted to WhenU or any third party server.%0D%0AWhenU does not assemble any personally-identifiable browsing profiles of you or your individual machine.%0D%0AWhenU does not assemble any anonymous machine-identifiable browsing profile of you or your machine.%0D%0AWhenU does not track which ads and offers you see as an individual user - all of our analysis and tracking of ads is done in the aggregate.%0D%0A%0D%0AThe Software does send back a limited amount of information from your desktop in order to count the number of users in our network and optimize the performance and relevance of the ads. For example, the Software may send WhenU or a WhenU partner a communication that includes information about the Webpage you were viewing when you saw or clicked on a particular ad, the term you entered into a search engine or online form and/or your IP address or zip code. WhenU has intentionally designed these communications back to WhenU or a WhenU partner to be highly protective of user privacy in the following ways:%0D%0A%0D%0AEach individual desktop is assigned an anonymous, unique machine ID. This machine ID is used only to enable WhenU to count unique, active desktops in the network. The machine ID is not used to determine which ads to serve individual users or to create browsing profiles of users.%0D%0AWhen ads are requested and/or displayed by the Software, impressions and click-throughs, including the factor (e.g., the URL, keyword, search term, zip code or some combination thereof) that caused the ad to be displayed are reported to WhenU. To protect your privacy and prevent WhenU or any third party from assembling individual user profiles or knowing which Websites you visit, your unique machine ID is intentionally excluded from these limited ad-optimization communications sent back to WhenU.
Description=WhenU.SaveNow gets installed as bundled software, shows popup advertising depending on visited websites and keywords entered into search websites like yahoo, google etc.%0D%0AIt drops links to Whenu on users computer and has possible stealth installations.%0D%0A%0D%0AWhenU.SaveNow makes numerous connections to WhenU in background.%0D%0AThe user cannot configure or stop the software via a GUI. It will run automatically at systemstart and connect to WhenU whenever it is possible.%0D%0A%0D%0AThe uninstall link in the Startmenu only opens a window which states that uninstallation is only possible through the Systemsettings add/remove menu. Normally a user would expect the uninstall link to be a real one and may not read the information stated by WhenU's infobox which looks more like an uninstall confirmation dialog.%0D%0A%0D%0A
[CoolWWWSearch.WCADW]
Product=CoolWWWSearch.WCADW
Company=CoolWWWSearch
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=none
Functionality=not stated
Privacy=none
Description=Browserhijacker that redirects the browser and adds its own bookmarks to the IE favorites%0D%0Agets installed through trojans, also helps in installation of more trojans
[CoolWWWSearch.008k]
Product=CoolWWWSearch.008k
Company=CoolWWWSearch
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=none
Functionality=not stated
Privacy=none
Description=gets installed through security holes and trojans%0D%0Ahooks up to IE and Explorer%0D%0Aalso helps other trojans and hijackers to get onto the system
[Win32.Small.AOQ]
Product=Win32.Small.AOQ
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Telekom bill
Privacy=
Description=Downloader connects to the internet without giving the user a possibility to cancel that process and downloads the wmx_win.exe and set to run on each startup.%0D%0Adisquises itself as a bill from german Telekom
Functionality=supposed to be an award winning antispyware software
Privacy=
Description=shows a lot of false positives in demoversion, removal of "threats" can only be done after registering which requires to buy a license, the price is not that easy to find %0D%0A%0D%0APimasoft also has a site named Blackhawksoftware.com under the label of Blackhawksoftware not referencing the name Pimasoft and vice versa
[ADWareBazooka]
Product=ADWareBazooka
Company=Nelroy LTD
Threat=Malware
CompanyURL=http://www.adwarebazooka.com/
CompanyProductURL=http://www.adwarebazooka.com/
CompanyPrivacyURL=
Functionality=ADWare Bazooka is the most technologically advanced Anti-Spyware tool on the Web today.
Privacy=
Description=Dubious antispyware product. Generates false positives. Same Product as AdwarePunisher, HitSpy, RemedyAntiSpy, SpyiBlock, SystemStable, The SpyGuard, ...
[Win32.Small.ama]
Product=Win32.Small.ama
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file contains msnscps.dll, which is installed into system32 directory. msnscps.dll is intalled as a BHO resulting in reduced security for the system.
[Win32.Horst.o]
Product=Win32.Horst.o
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=installs the downloaded file as Rumdll32.exe into the system32 directory and creates some autorun keys. Connects to the Internet without stating.
[Win32.Agent.io]
Product=Win32.Agent.io
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a .dll into the <Windows>\system directory. This file is run as a BHO.
[Win32.PdPinch.ce]
Product=Win32.PdPinch.ce
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Seems to be only one part of a trojan. Tries to post data to an email-adress.
[Win32.Small.dp]
Product=Win32.Small.dp
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs mpcsvc.exe into the system32 directory, creates some autorun entries and adds some other entries to the registry.
[Win32.Small.hi]
Product=Win32.Small.hi
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=File should download other files from the Internet.
Privacy=
Description=File runs in background. Doesn't load any file. Maybe it is just a part of the Trojan.
[Win32.VB.xj]
Product=Win32.VB.xj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file main.exe downloads a lot of stuff, mostly Adware or Spyware (e.g. SpywareNo, Perfect Keylogger, Dynamic Desktop Media...).
[Win32.KillAV.hd]
Product=Win32.KillAV.hd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File seems to be damaged or a part is missing.
[Win32.Agent.air]
Product=Win32.Agent.air
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file load.exe contains another file which is installed into the System32 directory. A connection to the Internet is started and more files get loaded. The whole operation is hidden from the user.
[Teslaplus.com]
Product=Teslaplus.com
Company=
Threat=Trojan
CompanyURL=http://Teslaplus.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposedly warns from Spyware on users computers with a homepagehijack, recommends so called "top rated" Antispyware Products on website
Privacy=
Description=uses homepage-hijack to display a antispyware warning, --> aggressive advertising aimed at fooling user to buy fraud antispyware products.%0D%0Amost of the recommended antispyware programms are products of innovagest2000. associated with psguard.
[SpywareSoftStop]
Product=SpywareSoftStop
Company=
Threat=Malware
CompanyURL=http://www.spywaresoftstop.com/
CompanyProductURL=http://www.spywaresoftstop.com/
CompanyPrivacyURL=none
Functionality=supposed to be an antispyware software
Privacy=none
Description=creates files and detects them as malicious to make the user buy SpywareSoftStop
[Win32.Small.amd]
Product=Win32.Small.amd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=File is supposed to "contain" other .exe files and leave them on the system.
Privacy=
Description=This file is maybe damaged or a part of the Trojan.
[Win32.Small.cjy]
Product=Win32.Small.cjy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to download some files and to install them. These files are to small to do any harm.
[Win32.VB.xj]
Product=Win32.VB.xj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file main.exe downloads a lot of stuff, mostly Adware or Spyware (e.g. SpywareNo, Perfect Keylogger, Dynamic Desktop Media...).
[SafetyDefender]
Product=SafetyDefender
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=http://www.safetydefender.com/
CompanyPrivacyURL=
Functionality=names itself Security Center and presents the user some "threat" and an supposedly official solution
Privacy=
Description=also known to hijack the users browser to show warning pages, to sell questionable products like malwarewipe
[Adclicker]
Product=Adclicker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=various different supposed functions, depending on filenaming
Privacy=
Description=runs in background and adds itself to the systemstart, also connects to the internet without any display, not uninstallable via systemsettings
[Tvdpay.Hupigon.CJ]
Product=Tvdpay.Hupigon.CJ
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=filename suggest that it is related to pay tv
Privacy=
Description=no real dll, false file
[WareOut]
Product=WareOut
Company=Coteco LLC
Threat=Malware
CompanyURL=http://www.wareout.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=A supposed to be spyware removal tool. Generates reports. Shareware for US$ 49.95. WareOut can block annoying unsolicited pop-up windows before they open. Not only are pop-up ads annoying, but they steal bandwidth from your other legitimate downloads. By using WareOut, you will browse faster than before since the ads don't get downloaded.%0D%0A
Privacy=
Description=Rogue spyware removal tool. Installes without user consent. Creates fake startup run entries and detects them. Shows designated startup run entries as a threat. Produces false positives (e.g. Active Firewall). Has an uninstaller, but does not uninstall an executable temp file and the faked registry entries. Licence Agreement and Uninstall only when manually installed with the Setupfile from the web page.%0D%0Aalso gets installed by rootkit malware
[SpywareQuake.Fakealert]
Product=SpywareQuake.Fakealert
Company=
Threat=Trojan
CompanyURL=http://www.spywarequake.com/
CompanyProductURL=http://www.spywarequake.com/
CompanyPrivacyURL=
Functionality=Trojan. Faked alarm ticker.
Privacy=
Description=Trojan. System32 library. Opens a faked alarm ticker with "Your computer is infected" message. The message is pointing to www.spywarequake.com.
Privacy=Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested. (...)
Description=installs the Key Logger. This Application records all keystrokes made during the session. It is invisible to all users, except to the one who installed the program. The logged keystokes can be stored in a previously created directory and are therefore not easy to be found. Those logfiles can be sent to a specified email-address. There is an option to generate an autorun entry so that the program starts any time the computer is started.
[VirtualMaid]
Product=VirtualMaid
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated, creates favorites to various questionable sites.
Privacy=
Description=Creates ToolBar menu in IE-Explorer and Link-Icons in Descktop, related to SpywareStormer
[CoolWWWSearch.HomeSearch]
Product=CoolWWWSearch.HomeSearch
Company=CoolWWWSearch
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated , by naming it is supposed to be a search engine
Privacy=
Description=installs various variable files, also hides them in ADS (Alternate Data Streams)%0D%0Ainstalls Browser Helper Objects to redirect the Internet Explorer to CoolWWWSearch Websites
[Dynamic Desktop Media]
Product=Dynamic Desktop Media
Company=
Threat=Hijacker
CompanyURL=http://www.dynamicdesktopmedia.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated, naming implies that it is supposed to be a multimedia application
Privacy=
Description=hijacks the Internet Explorer using a Browser Helper Object
[GAIN.Gator]
Product=GAIN.Gator
Company=Claria
Threat=Spyware
CompanyURL=http://www.gator.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=part of ad-supported software bundles
Privacy=
Description=usually gets installed with other bundled software and gathers users surfing habits and contacts various remote hosts
[MITBand]
Product=MITBand
Company=Crystalys Media Ltd
Threat=Malware
CompanyURL=http://www.crystalysmedia.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated Toolbar
Privacy=Crystalys Media Internet Assistant is an internet browsing improvement application. %0D%0A%0D%0AIt is downloaded and installed with user consent and clear acceptance of end-user licensing agreement. %0D%0A
Description=installs itself as a Browser Helper Object (BHO)%0D%0Aappears to monitor searchrequests to certain searchsites , such as search.msn.com, search.aol.com and google.com%0D%0Aconnects to its home and displays advertising on certain keywords%0D%0A%0D%0Ausers claim to not have consented to installation of Crystalys Media Software, it appearently allows stealth installations
[SpywareSheriff]
Product=SpywareSheriff
Company=SpywareSheriff.com
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SpywareSheriff program has a combination of quick scanning and many tools for removing spyware or adware. SpywareSheriff has a innovational search technology based on fuzzy logic. We guarantee total protection for your PC.%0D%0A
Privacy=
Description=Rogue antispyware product.
[Medbot]
Product=Medbot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as Windowssystem files
Privacy=
Description=trojan horse, that disguises as Windowssystem files, running in systemstart and connecting to the internet without user consent and with no display.
[Small.AID]
Product=Small.AID
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated, naming appears to be random
Privacy=
Description=also known as Small.csn%0D%0Areports indicate that it is capable of downloading other trojans%0D%0Anormally runs in background
[SpywareScraper]
Product=SpywareScraper
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=http://spywarescrapper.com/
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software, demoversion works for 7 days
Privacy=
Description=detection rules are outdated and there do not appear to be updates, demo does not appear to really check for updates. Full version is priced at about 30-40$%0D%0Adoes not appear to be harmfull but since the developer does not appear to provide detection rule updates, users should not pay for this software.%0D%0Adomain is not registered to a company but to a private person, which does not appear to be referenced on the products website.%0D%0A%0D%0Athere appear to be similar applications, so there is reason to believe that this software is just a variant of one "licensed" supposed to be anti spyware products.%0D%0A%0D%0Agets detected by virusscanner as spyvyper%0D%0A
[SpyBanker]
Product=SpyBanker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as windows service.exe
Privacy=
Description=runs in the background, adds itself to systemstart , connects to the internet and listens for incoming connections.%0D%0Awrites textfiles and names them as dlls.
[Win32.Dialer.jw]
Product=Win32.Dialer.jw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file drops a dialer known as Baciami. It changes your IE-Startpage and changes your security settings in the registry (Zonemaps).
[Win32.Lmir.atp]
Product=Win32.Lmir.atp
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Creates a .log-file in the Windows-directory, which includes code for a .exe file. The installer vanishes after creating that file.
Functionality=supposed to be award winning Anti-Spyware softwre
Privacy=nothin special about privacy policy%0D%0A%0D%0A
Description=registrant for website and contact adress differ, registrant for website is "Daniel Ocean" which is most likely a name taken out of the movie Oceans Eleven%0D%0A%0D%0ASoftware is poorly made, bad/outdated detectionrules, even after successful update the detection rules are dated the same as before.%0D%0A%0D%0Afor a award winning software, the publisher has little confidence in the product to release such a no warranty in the Eula:%0D%0A6. NO WARRANTY. The Software is being delivered to you "AS IS" and BraveSentry makes no warranty as to its use or performance. BraveSentry AND ITS SUPPLIERS DO NOT AND CANNOT WARRANT THE PERFORMANCE OR RESULTS YOU MAY OBTAIN BY USING THE SOFTWARE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM TO THE EXTENT TO WHICH THE SAME CANNOT OR MAY NOT BE EXCLUDED OR LIMITED BY LAW APPLICABLE TO YOU IN YOUR JURISDICTION, BraveSentry AND ITS SUPPLIERS MAKE NO WARRANTIES CONDITIONS, REPRESENTATIONS, OR TERMS (EXPRESS OR IMPLIED WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING WITHOUT LIMITATION NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, INTEGRATION, SATISFACTORY QUALITY, OR FITNESS FOR ANY PARTICULAR PURPOSE. %0D%0A%0D%0Awhich means, the software could be useless.
[Win32.Delf.KD]
Product=Win32.Delf.KD
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=%0D%0Athe program installs itself into the systemdirectory and contacts a server in the internet to transmit userdata. the program also uses a lot of systemresources and slows the computer down.
[Desktop Snooper]
Product=Desktop Snooper
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Desktop Snooper monitors all userinteractions. It is running in background, logs the keys, monitors internetconnections, records websites, makes screenshots on a regular basis , thus secretly documenting the users habits.
[SpyArsenal.AIM Logger]
Product=AIM Logger
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AIM Logger records all messages through AIM, wihtout user consent. These logs can be send silently via email.
[SpyArsenal.ICQ Logger]
Product=ICQ Logger
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ICQ Logger records all conversations on ICQ without user consent, it is able to transmit these records secretly to an email adress.
[SpyArsenal.Yahoo Logger]
Product=Yahoo Logger
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Yahoo Logger records all conversation on the Yahoo Messanger without user consent. It is also capable of sending the records secretly to an email adress.
[SpyArsenal.IRC Logger]
Product=IRC Logger
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IRC Logger records all conversation on IRC without user consent. It is also capable of sending the records secretly to an email adress.
[SpyArsenal.Personal Desktop Spy]
Product=Personal Desktop Spy
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Personal Desktop Spy runs hidden in background and regularly makes screenshots, which can be sent secretly by email.
[SpyArsenal.Family Keylogger]
Product=Family Keylogger
Company=Spyarsenal
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Family Keylogger installs itself to the systemdirectory and runs hidden in background. It records all keystrokes without the users knowledge or consent.
[SpyArsenal.Print Monitor Pro]
Product=Print Monitor Pro
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program secretly records all documents that were queued for printing. It is capable of making itself invisible to evade detection.
[SpyArsenal.Watcher]
Product=Watcher
Company=Spyarsenal
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This software records pictures taken by the users webcam without his knowledge or consent.
[SysProtect]
Product=SysProtect
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=suposed to be an antivirus software
Privacy=
Description=the demoversion finds a lot of false "threats" to make the user buy the software to remove these found "threats"
[SpyOnThis]
Product=SpyOnThis
Company=not stated
Threat=Malware
CompanyURL=http://spyonthis.net/
CompanyProductURL=http://spyonthis.net/
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=not privacy statement
Description=related to SpywareBomber, %0D%0Awebsite and software do not reveal the commercial character of the software until the user tries to use it to fix a found item, fixing is only possible after registration, regardless of userinteraction upon the dialog , the internetexplorer opens and goes to the registration site which is NOT linked on the website.%0D%0Aalso domain is registered over domains by proxy which is not a valid option for a proper company.%0D%0A%0D%0Aalso uses domain hijack-this.net to promote SpyOnThis, thus exploiting the name of HijackThis
[SpywareSheriff.FakeAlert]
Product=SpywareSheriff.FakeAlert
Company=
Threat=Trojan
CompanyURL=http://www.spywaresheriff.com/
CompanyProductURL=http://www.spywaresheriff.com/
CompanyPrivacyURL=
Functionality=Trojan
Privacy=
Description=Family of Trojans. System32 libraries. Installs pictures and drops faked malware samples. "Danger" or security warnings pointed to faked malware samples aimed at fooling the user, to make him buy the product. %0D%0AThe messages are related to spywaresheriff.com or antispylab.com
[Win32.Agent.xv]
Product=Win32.Agent.xv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Uses the svchost.exe as Backdoor to download and install files from a website via php-script.
[Win32.Small.aoi]
Product=Win32.Small.aoi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file installs .exe files into the temp directory and installs a dialer, which immediately to the Internet.
[SpyiBlock]
Product=SpyiBlock
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program is offered together with some other unserious antispyware solutions. When it is installed it starts a scan where several alleged spyware cookies and riskware are found (on a clean PC). In order to remove these threats the user is asked to purchase the program and register.
[Lagos]
Product=Lagos
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It that redirects the browser%0D%0Agets installed through trojans, also helps in installation of more trojans (Good.Microsoft, TIBS etc)
[AproposMedia]
Company=PeopleOnPage
Product=AproposMedia
Threat=Malware
CompanyURL=peopleonpage.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This is a sidebar for InternetExplorer that claims to display a list of other users on the site currently visited.
Privacy=
Description=AproposMedia downloads several pieces of malware from the internet, creates autorun entries and starts on each Windows startup without user awareness. It also creates several files in the system folder and installs to c:\Program Files\AutoUpdate\ without asking the user for permission or him taking note of it.
[Microsoft.Windows.RedirectedHosts]
Product=Windows.RedirectedHosts
Company=
Threat=Hijack
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hijackers often use the hosts file to redirect websites to other ipadresses, commonly antivirus vendors get blocked by hijackers
[Baciami]
Product=Baciami
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A dialer is installed on the system with an autorun entry in the registry. The Internet Explorer Startpage is also changed to a porn-site.
[EverestPoker]
Product=EverestPoker
Company=EverestPoker
Threat=PUPS
CompanyURL=http://www.everestpoker.com
CompanyProductURL=http://www.everestpoker.com
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EverestPoker.com promotes their installer with spam mails. The subject in their mails is something like "Rechtsabteilung", Important bill", "Legal department" etc. and so misleads and fools the user. They don┤t control the majority verification.
[Kazaa.Irc.DarkIrc11.LiteStalky]
Product=Kazaa.Irc.DarkIrc11.LiteStalky
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Kazaa.Irc.DarkIrc11.LiteStalky gets installed without user consent. It creates an autorun entry and creates the file zgfghghgfo.dll in Windows system directory, can also download and execute other software.
[FServices]
Product=FServices
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates an autorun entry and creates the filefservice.exe, sservice.exe in Windows system directory, can also download and execute other software.
Privacy=If you are visiting the IST website (slotch.com) and you search the internet from the website, we collect the following information: your Internet Protocol ("IP") address, which may include a domain name; the name of and information about any advertisement that brought you to the IST website; searches you perform, links you click on; and computer and connection information such as browser type and version, operating system, and platform. We also transmit cookies to your computer so we can know your browser's language, the version of our site you viewed and the country you are from.
Description=ISearchTech.ISTDownload connects to www.ysbweb.com after execution and the file istdownload.exe has many malicious references to known Spyware, Trojans and other Malware. Also downloads several programs from the internet and installs them in the background.
[PWS.PDPinch]
Product=PWS.PDPinch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan searches the complete computer for passwords and saves them in a file in C:\out.bin. Should there be an antivirus and/or firewall application running in the background it will try to disable these programs.%0D%0AAdvice: In order to avoid abuse you should immediately change all saved passwords.
[Elitum.EliteBar]
Product=Elitum.EliteBar
Company=Networld One
Threat=Trojan
CompanyURL=http://www.searchmiracle.com/
CompanyProductURL=http://searchmyrequest.com/
CompanyPrivacyURL=
Functionality=BHO, Searchbar
Privacy=not available%0D%0A%0D%0A%0D%0ACompanyinfo:%0D%0ANetworld One%0D%0ARohbani, Bobby mtvdd@yahoo.com%0D%0A6448 Lubao Ave%0D%0AWoodland H, CA 91367%0D%0AUS%0D%0A818-381-1355%0D%0A%0D%0A%0D%0Aalso lots of domains registered to %0D%0A%0D%0A emi, jason searchsupport1@gmail.com%0D%0A 6448 Ervin Ave%0D%0A Woodland H, CA 91367%0D%0A US%0D%0A 818-704-1411
Description=This trojan causes IE 5.5 as well as IE 6 to stall the entire system.%0D%0A%0D%0Anewer variants also install dialers, download additional files , cause system services to fail and shut down%0D%0Arenders windows explorer partially unusable%0D%0Ainstalls searchbar in IE, shows popups and various errormessages from failing system services, also hijacks services and connects to the internet
Description=renames and copies itself into system-directory, renames itself after each execution, also adds itself to Autorun
[MiniMo]
Product=MiniMo
Company=MoSucker
Threat=Backdoor Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=MoSucker is a remote Administration tool.
Privacy=The use of MiniMO and any of it's related components constitutes acceptance of the following terms and conditions.%0D%0APLEASE READ CAREFULLY.%0D%0A%0D%0AMoSucker software is freeware, ander therefore is being provided without charge for non-commercial purposes.%0D%0AAccordingly, it's author(s) SHALL NOT BE LIABLE UNDER ANY CIRCUMSTANCES OR UNDER ANY LEGAL THEORY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES THAT MAY BE SUFFERED BY YOU OR ANY OTHER USER IN CONNECTION WITH OR AS A RESULT OF ANY RELATED INFORMATION OR PRODUCTS, REGARDLESS OF HOW SUCH DAMAGES MAY ARISE.%0D%0A%0D%0AThis program is not to be used on any computer without the owner's permission. It is the user's responsibilty to familiarize themselves with local laws and ISP regulations that apply to the use of remote administration tools such as MiniMo
Description=Do not mix up this with Minimo (Minimozilla).%0D%0A%0D%0AMiniMo client enables remote users to access an MiniMo server and access files, processes, edit and fake error messages.
[DialXLite]
Product=DialXLite
Company=not stated
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Dialer
Privacy=not available
Description=illegal content dialer
[PrinceAli]
Product=PrinceAli
Company=not available
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=extension creator
Privacy=not available
Description=gets detected by Antivirus, supposed function does not work.
[nPrank]
Product=nPrank
Company=not available
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not available
Privacy=not available
Description=shows porn picture and disables all other programs, windows needs to be restarted.%0D%0Acopies itself as javasvc.exe into system-directory, and adds itself to systemstart.%0D%0Aautostarts before any other application after reboot.%0D%0Aremoval can be done in safemode.
[FakeLogin.Gen]
Product=FakeLogin.Gen
Company=not available
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Instant Messanger
Privacy=not available
Description=This trojan tries to connect to internet - it does not appear on screen. Supposed instant messanger functions do not exist.
[CleverIEHooker.Jeired]
Product=CleverIEHooker.Jeired
Company=Central Media
Threat=Hijacker
CompanyURL=http://www.centralmedia.ws/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=unknown
Privacy=C.M. provides Internet advertising management solutions to some of the Internet's most popular software programs. C.M. provides hosting, optimization, and general advertising management solutions for a wide variety of applications.%0D%0A%0D%0AIf you are currently receiving advertisements delivered by C.M. through an application distributed by one of our partners and would like to stop receiving these ads, please review the End User License Agreement of the application you downloaded for uninstall instructions, or visit www.download.com for information on available ad-blocking software. Please feel free to contact us for further support inquiries or learn more about advertising solutions by clicking here.
Description=The application connects to ads.centralmedia.ws without asking the user. It does not appear to have any other purpose. Variants can also Hijack the IE.
[PWSteal]
Product=PWSteal
Company=not available
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Microsoft Instant Messanger
Privacy=not available
Description=runs in background, accesses dlls for internet connectivity, detected by Nortonantivirus as PWSteal.Trojan, poses as Microsoft Instant Messanger.
[Instant Access]
Product=Instant Access
Company=EGCOMSERVICE
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not available, no informatioin could be found%0D%0Ano information about company
Privacy=not available
Description=When Instant Access is triggered to run, it may communicate to other components of the adware/dialer which is already installed and activate them or prompts for downloading.
[Zango]
Product=Zango
Company=Zango
Threat=Adware
CompanyURL=http://www.zango.com/
CompanyProductURL=http://www.zango.com/
CompanyPrivacyURL=http://www.zango.com/
Functionality=Zango is labeled adware that enables access to more Zangocontent and software.%0D%0A
Privacy=While Zango Software is installed on your computer it generates logs of your web browsing activity, including web pages you have visited and the order in which you visited these pages. These logs may be uploaded to ZangoÆs servers, along with an anonymous user ID assigned to the Zango Software installed on your computer (your ôAnonymous User IDö). These logs and your Anonymous User ID are referred to collectively as ôUsage Data.ö Zango may use Usage Data for market research purposes and to provide you with content specifically targeted to your interests at times when we think the content is most relevant. Zango may store Usage Data on our servers, for our use, and may aggregate Usage Data from these logs and share the aggregate data with third parties. The Zango Software will also put a "cookie" on your machine so that we are able to recognize you and display appropriate targeted websites. A cookie is a small amount of data that ZangoÆs servers transfer to your browser and that only ZangoÆs servers can read.
Description=during installation zango used to connect to bis.180solutions.com to access updates, this happened without user consent. %0D%0AThe checkbox to agree to the EULA is already preselected.%0D%0Athere is no common way to disable zango once it is installed, the user cannot configure its behaviour. It is added to systemstart and cannot be disabled through a common interface or contextmenu.%0D%0Auninstallation via add/remove from windows systemsettings is possible but usually leaves a registry key on the computer. Also AFTER successful uninstall, zango tries to connect to a zango server for statistical analysis on uninstalls.%0D%0Adeactivated internetconnection used to impair uninstall procedure.%0D%0A%0D%0A180Solutions is not to be trusted
[180Solutions.SearchAssistant]
Product=180Solutions.SearchAssistant
Company=180Solutions, Inc.
Threat=Spyware
CompanyURL=http://www.180solutions.com/
CompanyProductURL=http://www.180solutions.com/
CompanyPrivacyURL=http://www.180solutions.com/
Functionality="180search Assistant" is a permission-based search assistant application that provides access to a wide range of websites, applications and information powered by 180solutions, Inc. ("180solutions"). This means that 180search Assistant will periodically direct you to our sponsors' websites. 180search Assistant will collect information about the websites you visit, but will not collect any information that will be used by 180solutions to identify you personally. The information that 180search Assistant collects and transmits to 180solutions will be used to provide you with access to comparative shopping opportunities at times when we consider them most relevant. 180search Assistant can be uninstalled at any time by going to the "Add/Remove Programs" menu on your computer and clicking the "Remove" button next to the entry or entries for 180search Assistant.
Privacy=Opt In Information. Occasionally, 180solutions may display additional questions to you, inviting you to opt in and supply information that may include demographic information. This demographic information may include, but is not limited to, your age, gender, geographic region and interests. This demographic information is linked to your Anonymous User ID, and is not connected or linked to information that will be used to identify you personally. Any answers you supply are covered by this privacy policy. 180solutions uses this information to learn more about its audience and may share this information with third parties. 180solutions also uses this demographic information to provide you with content and information most likely to be relevant to you.%0D%0A%0D%0AIP Addresses. Your use of the 180search Assistant software will involve the transmission of your Internet protocol address ("IP Address") to 180solutions' servers. This IP Address is necessary for communication with you via the Internet and may be used and stored on our servers. With the cooperation of your Internet service provider, it is possible for your IP Address to be used to identify you personally, however, 180solutions agrees that it will not use it for this purpose, unless required to by law.%0D%0A%0D%0AThird Party Collection. We may use other third party services to assist us in providing targeted websites to you. These services may place cookies on your hard drive and use the cookies to tailor delivery of these websites to you by profiling your use of a site or advertisements that you select. These services may collect information such as your IP address, your browser type and the date and time that targeted websites were served to you. You should refer to the websites and privacy policies of the services we use, which may include, but are not limited to: Doubleclick, 24/7 Connect, Fastclick, and Commission Junction. To learn about how they collect and use information visit
Description=Renaming the zanu.exe to searchassistant.exe causes the file to register itself as searchassistant in Sytemstart. Also the boomerangg.exe is installed in the windowsdirectory under a variable filename, it is also registered in Systemstart with this variable value. Boomerang.exe does not show up on screen. User IS asked for consent prior to installation of searchassistant but not for Boomerang.%0D%0AAlso the searchassistant.exe has no option for shutting itself down. And since it is also in Systemstart it will practically always run and will always look for updates on 180Solutions Server and install them without user consent.%0D%0A%0D%0ADepending on the filename the searchassitant has, the behavior may differ a bit. Some variant do NOT ask for any consent and they do NOT show any licesense agreement or privacy policy.%0D%0ASome variants also do not install the Boomerang.exe%0D%0A%0D%0Afilename variants for the searchassistant.exe are:%0D%0Azanu.exe%0D%0Azango.exe%0D%0Amsbb.exe%0D%0Asac.exe%0D%0Asau.exe%0D%0Abmrg.exe%0D%0Asaap.exe%0D%0A180sa.exe%0D%0Asahra.exe%0D%0A180ax.exe%0D%0Asamds.exe%0D%0Asain.exe%0D%0Asaip.exe%0D%0Asahrb.exe%0D%0Asahrc.exe%0D%0Asahrd.exe
[180Solutions.SearchAssistant.Boomerang]
Product=180Solutions.SearchAssistant.Boomerang
Company=180Solutions, Inc.
Threat=Spyware
CompanyURL=http://www.180solutions.com/
CompanyProductURL=http://www.180solutions.com/
CompanyPrivacyURL=http://www.180solutions.com/
Functionality=not stated
Privacy=Opt In Information. Occasionally, 180solutions may display additional questions to you, inviting you to opt in and supply information that may include demographic information. This demographic information may include, but is not limited to, your age, gender, geographic region and interests. This demographic information is linked to your Anonymous User ID, and is not connected or linked to information that will be used to identify you personally. Any answers you supply are covered by this privacy policy. 180solutions uses this information to learn more about its audience and may share this information with third parties. 180solutions also uses this demographic information to provide you with content and information most likely to be relevant to you.%0D%0A%0D%0AIP Addresses. Your use of the 180search Assistant software will involve the transmission of your Internet protocol address ("IP Address") to 180solutions' servers. This IP Address is necessary for communication with you via the Internet and may be used and stored on our servers. With the cooperation of your Internet service provider, it is possible for your IP Address to be used to identify you personally, however, 180solutions agrees that it will not use it for this purpose, unless required to by law.%0D%0A%0D%0AThird Party Collection. We may use other third party services to assist us in providing targeted websites to you. These services may place cookies on your hard drive and use the cookies to tailor delivery of these websites to you by profiling your use of a site or advertisements that you select. These services may collect information such as your IP address, your browser type and the date and time that targeted websites were served to you. You should refer to the websites and privacy policies of the services we use, which may include, but are not limited to: Doubleclick, 24/7 Connect, Fastclick, and Commission Junction. To learn about how they collect and use information visit
Description=Boomerang.exe gets installed with a variable filname, gets added to systemstart and runs in the background. Boomerang.exe gets installed along with some versions of 180Solutions.SearchAssistant without user consent or any description of it. It is used for persistence.%0D%0AAprox 4:10 minutes after 180Solutions.SearchAssistant is not running anymore, the Boomerang.exe gives a warining that 180Solutions Software has been uninstalled without user consent and suggests to reinstall.%0D%0ABoomerang.exe redownloads the 180Solutions.SearchAssistant to the same folder it is executed in, normally the windowsdirectory.%0D%0A%0D%0A
[180Solutions.MediaGatewayX]
Product=180Solutions.MediaGatewayX
Company=180Solutions
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to enable access to free content
Privacy=not stated
Description=part of 180 Solutions, known for 180Solutions.SearchAssistant,%0D%0Aaffiliatated with hijacking and frauding users.%0D%0Amost likely used for spying on user habits.%0D%0Athere appear to be no valid downloadsites for MediagatewayX
[AdDestroyer]
Product=AdDestroyer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=AdDestroyer is supposed to block popups
Privacy=
Description=After installation the software connects to www.spywarelabs.com and opens a ssl connection to www.spywarelabs.com.%0D%0AIt does not prevent popups%0D%0A%0D%0Arelated to Vbouncer
Functionality=Avatar Resources, owned by QTech, Ltd., an Anguilla corporation, is a marketing implementation provider and partner. It provides targeted rich-media advertising to website publishers.
Privacy=Our Commitment to Privacy%0D%0A%0D%0AYour privacy is important to us. In order to insure your privacy we are providing this notice to explain our information collection practices%0D%0A%0D%0AThe Information We Collect%0D%0A%0D%0AThis notice applies to all information collected or submitted on the Avatar Resources website and the Avatar Resources contextual marketing platform. The types of personal information collected at these pages are:%0D%0A%0D%0AIP address%0D%0AURLs visited%0D%0A%0D%0AHow We Use Information%0D%0A%0D%0AThis information is only used to track website usage and target advertisements.%0D%0A%0D%0AWe use non-identifying and aggregate information to better design our website and to share with advertisers.%0D%0A%0D%0AIn order to offer our advertisers targeted advertising we need to show them the sites in the category of their target audience. No other personal information is shared.%0D%0A%0D%0APlease note: Our site may contain links to other web sites. Avatar Resources is not responsible for the privacy practices or the content of such Web sites.%0D%0A%0D%0AFinally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.%0D%0A%0D%0AOur Commitment to Data Security%0D%0A%0D%0ATo prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.%0D%0A%0D%0AOur Commitment to Children's Privacy:%0D%0A%0D%0AProtecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
Description=AdRoarPlugin connects to the internet without user consent showing popup windows.
[Adware.ZioCom.B]
Product=Adware.ZioCom.B
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=not stated
Description=This malware copies itself with a random name to a random subfolder of the systemdirectory, adds itself to systemstart and is registered as a service. this way it is very hard to remove and automatically starts with the pc.%0D%0Ait is not possible to normally shut down this malware since it is running as a service. also removal requires a reboot to windows safe mode and run spybot.%0D%0A%0D%0AZioCom also starts the InternetExplorer in background and will load updates of itself when required.%0D%0A
Functionality=How we distribute ContextPlus-Supported Software and the ContextPlus AdServer%0D%0AThe distribution of the ContextPlus AdServer may occur directly or through third-parties partners in several different ways including: a) by downloading software from a Web site and b) by clicking to download software from online advertising.%0D%0A%0D%0A%0D%0AHow we display ContextPlus Ads%0D%0AMany ContextPlus Ads are displayed on computer screens on behalf of advertisers who compete with the company whose Web pages the Third-Party ContextPlus-Supported Software user may be viewing or may have recently viewed. %0D%0A%0D%0ACP displays ContextPlus Ads on computer screens in a variety of ways. The ContextPlus Ad formats we may use include, among others, the following:%0D%0A%0D%0A%0D%0A Pop-Up or Pop-Under Windows appear as windows on top of or beneath other windows on the computer screen. %0D%0A Pop-Up Slider Windows appear as floating images on top of other windows on the computer screen. %0D%0A%0D%0A%0D%0AHow ContextPlus AdServer Works%0D%0AWhen running on a computer the ContextPlus AdServer regularly communicates with CP servers, and in some cases, third party servers, among other reasons, to:%0D%0A%0D%0A1. Maintain/Update the ContextPlus AdServer; %0D%0A2. Facilitate the installation and removal of the ContextPlus AdServer; %0D%0A3. Retrieve content and ads for display; %0D%0A4. Facilitate various ContextPlus AdServer features; %0D%0A5. Collect anonymous Subscriber usage information; and/or %0D%0A6. Update Subscriber information. %0D%0A%0D%0ATo improve the features or functions of the ContextPlus AdServer and/or third-party ContextPlus-Supported Software, we may occasionally install and/or update software components, such as certain rich media player applications, browser plugins, virtual machines, and runtime environments (such as Mircosoft's .NET software or Java).
Privacy=Here's what we do know...%0D%0AWhile we don't know the identity of Subscribers, the ContextPlus AdServer and CP collect and use the following kinds of anonymous information:%0D%0A%0D%0A%0D%0A Some of the Web pages viewed %0D%0A The amount of time spent at some Web sites %0D%0A Response to ContextPlus Ads %0D%0A Standard web log information (including IP Addresses and system settings %0D%0A What software is on the personal computer %0D%0A
Description=has executables, that run without any screendisplay in background, connection without asking to the internet and creating registry keys and files with random names to elude detection%0D%0A%0D%0Athe ammount of information collected is more than necessary, also privacy states, that additional installation of 3rd party software is possible ,which may not require further user consent.%0D%0A--> Apropos.ContextPlus could install what they want, when they want and sell "anonymous" Information gathered on users computer.%0D%0A%0D%0AUninstallation requires email contact to ContextPlus Support, which will then send the uninstaller --> Uninstaller is not packed with the installer and is not normally downloadable
[Banker.FakeMSNMessanger]
Product=Banker.FakeMSNMessanger
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=made to look like MSN Messanger
Privacy=
Description=upon execution the file opens the internet explorer and loads a page with a picture. and tries to establish a ftp connection to IPAddress 61.82.16.62%0D%0Aalso some windows policysettings are beeing changed:%0D%0Athe startmenu is changed to not changeable%0D%0Alogging off is beeing disabled%0D%0Ataskmanager is beeing disabled%0D%0Ashutdown button is beeing removed and disabled
[BeastDo.Pztrain]
Product=BeastDo.Pztrain
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=According to the filename it is supposed to be a trainer for the game GTA San Andreas but it is not.%0D%0A%0D%0Areal pztrain.exe for GTA San Andreas: pztrain.exe,filesize=71949,md5=5C23599094FCCBA31C0E597FA8A48824%0D%0A%0D%0Afake: pztrain.exe, filesize=206294,md5=4CE711FD192961CEE4B659E444D09E24%0D%0Afake 2: pztrain.exe, filesize=72150,md5=EF431F7267CFAD46FD52455B41802E20 location is in Systemdirectory
Privacy=
Description=This trojan installs itself to system folder and renames itself to expl0rer.exe, adds itself to systemstart and runs itself.%0D%0AAlso, it copies a fake pztrain.exe into system folder and a sp00lsv.exe.%0D%0A
[Bloodhound.WMF]
Product=Bloodhound.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as picture
Privacy=
Description=uses the wmf exploit, connects to internet and tries to download and execute files.
[CallingHome.biz]
Product=CallingHome.biz
Company=CallingHome, Inc.
Threat=Malware
CompanyURL=http://www.callinghome.biz/
CompanyProductURL=
CompanyPrivacyURL=not stated
Functionality=This piece of malware is an installing utility for www.callinghome.biz.
Privacy=not stated
Description=The application comes with a random file name via other malware. It connects to internet and downloads thnall1l.exe from static.callinghome.biz which then downloads the file multimpp.cab from download.abetterinternet.com.
Privacy=
Description=domain is registered over domains by proxy, this is not valid for a normal company%0D%0A%0D%0Ashows ridiculous false positives to make user purchase
[Win32.AdvertMen]
Product=Win32.AdvertMen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=[...] 9. OTHER SOFTWARE. You allow that third party software may be installed with the Software and that advertismen.com shall not be liable to anyone with respect to such third party software. [...]
Description=The downloaded file installs a file called pushow62.dll which contains code for an executable file. There are hints, that browser settings may be changed as well.
[GrayPigeon]
Product=GrayPigeon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=.exe runs in background and is hidden in program files directory, it is also started as a service.%0D%0Ait also connects to chinese ip adresses over different ports
[Downloader.Delf]
Product=Downloader.Delf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=detected by antivirus as trojan, executeable is hidden, appears to be of chinese origin
[DiabloKeys]
Product=DiabloKeys
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=software hides itself and adds itself to systemstartup, it loggs various keystrokes and stores them in log files, it also stores remote access passwords
[Smitfraud-C.AntiFirewall]
Product=Smitfraud-C.AntiFirewall
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated functionality
Privacy=
Description=connects to the internet, downloads and starts a couple of scripts.%0D%0Athese scripts are placed in c:\ and carry variable names but are usually identical.%0D%0A%0D%0Athis malware also deletes RegistryKeys for SharedAccess, thus disabling the Windows Firewall, also deletes a Legacy Key.%0D%0Areenabling the Windows Firewall requires workaround.
[Bancos]
Product=Bancos
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Bancos is named to look like a Windows System Service
Privacy=
Description=runs in background, adds itself to systemstart and connects to the internet in background
[SpyFalcon.FakeAlert]
Product=SpyFalcon.FakeAlert
Company=
Threat=Trojan
CompanyURL=http://www.spyfalcon.com/
CompanyProductURL=http://www.spyfalcon.com/
CompanyPrivacyURL=
Functionality=Trojan.
Privacy=
Description=Trojan. System32 library. Generates a faked alarm ticker with "Your computer is infected" message. The message is pointing to www.spyfalcon.com.
[PestTrap]
Product=PestTrap
Company=SS Development
Threat=PUPS
CompanyURL=http://www.pesttrap.com/
CompanyProductURL=http://www.pesttrap.com/
CompanyPrivacyURL=
Functionality=PestTrap an award-winning spyware removal utility will help you fighting all kinds of spyware and adware including keyloggers, trojan horses, password thieves and on.
Description=Same company as Winfixer and WinAntiVirusPro2006.%0D%0A%0D%0AAggressive Advertising aimed at fooling the user, to make him buy the product.%0D%0A%0D%0AAdvertising implies, that the users computer is beeing scanned and threats are beeing found.
[Winsoftware.WinFixer2006]
Product=Winsoftware.WinFixer2006
Company=WinSoftware Inc.
Threat=Malware
CompanyURL=http://winsoftware.com/
CompanyProductURL=http://winsoftware.com/
CompanyPrivacyURL=
Functionality=WinFixer2006 is a scan utility that nags the user to purchase.
Privacy=
Description=Aggressive Advertising aimed at fooling the user, to make him buy the product.%0D%0A%0D%0AAdvertising implies, that the users computer is beeing scanned and threats are beeing found.%0D%0A%0D%0ARogue antispyware product, that generates false positives.
[Spyware Disinfector]
Product=Spyware Disinfector
Company=SpywareDisinfector.com
Threat=Trojan
CompanyURL=http://www.spywaredisinfector.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=marks personal firewall as "riskware" , installs tracking cookies and flags them --> uses fraud to make users buy the software%0D%0Aapears to be the same as HitVirus
[Winsoftware.WinAntiVirusPro2006]
Product=Winsoftware.WinAntiVirusPro2006
Company=WinSoftware
Threat=Malware
CompanyURL=http://winsoftware.com/
CompanyProductURL=http://www.winantivirus.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Same company as Winfixer and WinAntiSpyware 2005.%0D%0A%0D%0AAggressive Advertising aimed at fooling the user, to make him buy the product.%0D%0A%0D%0AAdvertising implies, that the users computer is beeing scanned and threats are beeing found.
[Carima Enterprises]
Company=Carima Enterprises Limited
Product=Carima Enterprises
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a dialer whose installer is generated from the server. A major part of the known products have the same pattern. It creates a desktop icon which leads to a web site where you are asked to dial an expensive 0190 number. Furthermore an .exe file is created in the Windows folder that starts on Windows startup.
[Prorat]
Product=Prorat
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Prorat is a trojan that tries to record keystrokes and opens a remote connection to a server. So it is possible to attack, harm and spy out the computer by using a internet connection.
[AIMaster]
Product=AIMaster
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AIMaster is a tool to spy out people using the AOL Instant Messenger. By using AIMaster it is possible to see what people are writing about and additionally it is possible to harm the victim's computer.
[Tiny]
Product=Tiny
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tiny records all keystrokes without user consent
[Stealth Keylogger]
Product=Stealth Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Stealth Keylogger runs as a hidden process in the background and records all keystrokes made by the user. Additionally Stealth Keylogger takes Screenshots oall few seconds and tries to observate the user.
[Elitec]
Product=Elitec
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Elitec is a Keylogger that process runs in a hidden mode. It records all keystrokes and tries to spy on the user
[SC Keylog]
Product=SC Keylog
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SC Keylog is recording every kind of keystrokes without the agreement of the user.
[Keyboard Spectator]
Product=Keyboard Spectator
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Keyboard Spectator monitors the computer without the user┤s knowledge nor consent. Regularly screenshots and keystrokes los are beeing taken.
[I Spy Now]
Product=I Spy Now
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=I Spy Now monitors the computer, makes screenshots and logs keystrokes.
There is a note during installation which states that all users using the computer should be informed about this software beeing installed, but since the software has no means of securing this, this note hast no meaning.
[Goldeneye]
Product=Goldeneye
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Goldeneye gets started with the system startup and runs in the background of the system. It records all keystrokes and tries to spy on the user.
[Ghostlogger]
Product=Ghostlogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Ghostlogger gets startet by the system startup and runs in the background of windows. It records all keystrokes and tries to spy on passwords from the user.
[Fearless KeySpy]
Product=Fearless KeySpy
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fearless KeySpy gets startet at system startup and runs in the background. In these hidden mode it records all keystrokes and tries to spy on the user and get his private information.
[Elite Keylogger]
Product=Elite Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description="Elite Keylogger " gets startet automatically by the system startup and runs in a hidden process. The Program records all keystrokes and tries to spy out passwords and other private information
[ActMon-Pro]
Product=ActMon-Pro
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ActMon-Pro gets startet at system startup and runs in a hidden mode. So the user is not able to recognize that all keystrokes are recorded
[ABC-Keylogger]
Product=ABC-Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The hidden process of the "ABC-Keylogger" runs in the background and records all keystrokes of the user.
[Dr.PMon]
Product=Dr.PMon
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Dr.PMon connects to the internet without giving the user a possibility to cancel that process and downloads Cood.YazzleSudoku, ABetterIternet, TIBS etc.
[Trojan.Dloader-NC]
Product=Trojan.Dloader-NC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads code from the internet. Installs itself into the Registry, adds itself to shellexecutehooks.
[Nugache.A@mm]
Product=Nugache.A@mm
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as Microsoft Domain Controller
Privacy=
Description=copies mstc.exe into systemdirectory , listens on port 8 for incoming connections from various remote ip adresses.%0D%0Aalso disguises itselt as GNU-Software and changes the windows firewall settings, opening port 8 and adding mstc.exe to the allowed applications.
[CasinoPalazzo]
Product=CasinoPalazzo
Company=Intercoastal Business Ltd
Threat=Dialer
CompanyURL=http://www.casinopalazzo.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=illegal content dialer, that poses as various systemfiles
Privacy=
Description=dialer executeables are named after or similar to windows systemfiles thus deceiving the user to execute them
[Iopus]
Product=Iopus
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Iopus is a keylogger which runs in a hidden mode in the background of the operating system. It records all keystrokes without the permission of the user and so it is possible to spy on the user.
[Wincontrol]
Product=Wincontrol
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Wincontrol is a keylogger which runs in a hidden mode in the background of the operating system. It records all keystrokes without the permission of the user and so it is possible to spy on the user.
[Crazywinnings.Inc]
Product=Crazywinnings.Inc
Company=Topconverting / Crazywinnings Inc.
Threat=Trojan
CompanyURL=http://www.crazywinnings.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=according to filenaming like pacman.exe it appears to be a game .
Privacy=no statement
Description=no game, executing the file will result in internet access to crazywinnings.com , which appears to be a search website with a lot of advertising and misleading popunders.%0D%0Avery suspicous is the link: "why am I seeing this web site?" , it is linked to an email adress and is most likely to collect email adresses for spamming.%0D%0A%0D%0A
[Winsession Logger]
Product=Winsession Logger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Winsession Logger is a hidden Program that records all keystrokes. Additionally it makes screenshots of the programs that are used and so the user is completely observed.
[Frichi]
Product=Frichi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan Frichi installs in the system directory and tries to start a connection to the internet. Frichi is listening on this connection for remote commands.
[Spytector]
Product=Spytector
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spytector is a program that records all keystrokes made by the user. The user can't see the programm because it runs in a hidden mode and so it is possible to spy out passwords and other private stuff from the user
[AlertSpy]
Product=AlertSpy
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed antspyware solution.
Privacy=
Description=When it is installed it detects a lot of entrys which are false positives. When the user wants to solve these problems he has to buy a licence.
[Spyware Browser Antispyware]
Product=Spionfrei|Spyware Browser Antispyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=claims to be proper antispyware software
Privacy=
Description=But when this software is installed on a clean computer, it detects a lot of false positives and wants the user to buy a licence to solve the detected problems.
[UpToFind.RelatedSearch]
Product=UpToFind.RelatedSearch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs RelatedSearch into Program Folder. Hijacks Internet explorer (new startpage: www.uptofind.com), tries to install WinFixer(Malware). Downloads many pornpictures into Temporary Internet Files folder and some other files.%0D%0AThere is a file in the Temp directory, which has an autorun entry. It runs in background and connects to the Internet without user consent.
[Win32.Bagle.WS]
Product=Win32.Bagle.WS
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojans often use the hosts file to redirect websites to other ipadresses, commonly antivirus vendors get blocked
[SDBot.WMF Exploit]
Product=SDBot.WMF Exploit
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as a wmf (windows meta file) picture
Privacy=
Description=loads file in c:\command.pif , renames the file to taskdrv32.exe and copies it into system directory.%0D%0Ataskdrv32.exe connects to the internet and hijacks the hostsfile, many antivirus updateservers are beeing redirected to various different ip adresses.
[EnergyFactor]
Product=EnergyFactor
Company=
Threat=Dialer
CompanyURL=http://www.ernergy-factor.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=illegal content dialer, may also pose as systemfiles
[DigiKeygen]
Product=DigiKeygen
Company=
Threat=Trojan
CompanyURL=http://www.digikeygen.com/
CompanyProductURL=http://www.digikeygen.com/
CompanyPrivacyURL=
Functionality=Trojan
Privacy=
Description=Fraud product. DigiKeygen is a trojan file used on some x-rated movie sites. A variant of the Zlob.Downloader.
[Win32.Small.kw]
Product=Win32.Small.kw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan
Privacy=
Description=Win32.Small.kw copies itself into the Windows system folder as 1u7.exe. This is a trojan/backdoor program.
[Win32.Agent.mn]
Product=Win32.Agent.mn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs ctldlg.dll into the system directory. This file is run as a BHO and is run along with the Internet Explorer. It is named to look like a systemfile.
[Small.cxl]
Product=Small.cxl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan Small.cxl copies itself into the system directory and creates an entry in systemstart. So the trojan starts by every system startup and tries to connect to the internet.
[Click.AgentHI]
Product=Click.AgentHI
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan "Click.AgentHI" installs itself into the system directory and tries to spy on the internetsurfing habits of the user. Depending on the aquired data, adpopups are shown.
[Swizzor]
Product=Swizzor
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Swizzor installs itself on the computer and tries to connect to a server in the internet. Then it waits for new orders to harm the computer.
[FreePops]
Product=FreePops
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs malicious files into Windows- and System-Directories. Has Backdoor capabilities.
[VirusBlast]
Product=VirusBlast
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=
Description=The Program is advertised by popups in the Internet Explorer and claims to be an antivirus solution. When it is installed on the computer it detects several non existing problems and wants the user buying a license.
[SurfSideKick]
Product=SurfSideKick
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Being Executed the program will install itself into the Program Files folder under the name "SurfSideKick2", create registry entries and an autostart entry. From that moment pop-ups will come up while surfing with Internet Explorer.
[MZS.Spoolserver32]
Product=MZS.Spoolserver32
Company=na
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated,%0D%0Aaccording to file and autorun naming, it appears to be windows system files and services
Privacy=na
Description=csmss.exe and winacpi.dll copie themselves to <$SYSDIR> and start contacting the following hosts%0D%0A205.209.172.230%0D%0Aexbandos.biz%0D%0Azorrocoolboy.biz%0D%0Anobro.net%0D%0A%0D%0AThis trojan attempts to terminate the process of security programs with the following filenames:%0D%0Akpf4gui.exe%0D%0ANPROTECT.EXE%0D%0AMpfService.exe%0D%0Aoutpost.exe%0D%0AZAPRO.EXE%0D%0Aamon.exe%0D%0Akpf4ss.exe%0D%0Afirewall.exe%0D%0Azonealarm.exe%0D%0A%0D%0Athe Trojan also sets the IE startpage to about:blank%0D%0A
[LowZones.df]
Company=
Product=LowZones.df
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan LowZones.df copies itself into the system directory and creates an entry in systemstart. So the trojan starts by every system startup and tries to connect to the internet.
[Ardamax]
Product=Ardamax
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Ardamax is a typical keyloger that records all keystrokes of the user. It runs in a hidden mode in the background of the system.
[Crackspider]
Product=Crackspider
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=http://www.crackspider.net/
CompanyPrivacyURL=
Functionality=Crackspider installs a toolbar and claims to make any software available for free.
Privacy=
Description=This program adds itself to the favorites in IE and redirects the user to "www.crackspider.net".
[TitanShield]
Product=TitanShield
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an antivirus software
Privacy=
Description=The Program poses to be an antivirus program. When it is installed on the computer it finds a lot of malware (that do not really exit) and that can only be removed by buying a license
[Zlob.PornMagPass]
Product=Zlob.PornMagPass
Company=
Threat=Trojan
CompanyURL=http://www.pornmagpass.com/
CompanyProductURL=http://www.pornmagpass.com/
CompanyPrivacyURL=
Functionality=Supposed to enable access to free pornsites.
Privacy=
Description=Associated pornsite can be accessed without this software, also the websites log the users ip-adress in the cookies. %0D%0ARegistrars for the websites are related to Smitfraud-C., DK&Suns Trojan and Zlob. Trojan downloads unwanted thirdprty software like SpywareQuake, SpywareQuake2,...
[SearchSpy]
Product=SearchSpy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan.
Privacy=
Description=SearchSpy monitors user behaviour within the Internet Explorer. Member of the VirtuMonde family.
[Win32.Murlo.du]
Product=Win32.Murlo.du
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan
Privacy=
Description=Trojan-Downloader, installs SearchSpy and terminates Antivirus Software. Member of the VirtuMonde family.
[SpywareSoftStop.Hijacker]
Product=SpywareSoftStop.Hijacker
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file hijacks the IE startpage and the Favourites folder as well. The user is directed to Spywyresoftstop.com. Spywaresoftstop is categorized as Malware by Spybot S&D.
[SilentCaller.pw]
Product=SilentCaller.pw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The installer file installs file called h91746.exe into the temp directory. Both the installer and h91746.exe are run in background. h91746.exe installs the trojan Small.clx.
[S.P-Bot.B]
Product=S.P-Bot.B
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This startup entry is started automatically from AutoRun (divx) in the registry and also loads Casinopalazzo, EliteBar, EnergyFactor etc.
[Elitum.Elitebar.Pokapoka]
Product=Elitum.Elitebar.Pokapoka
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware adds itself as service system service79 thus starting itself at every systemstart.
[XXXTeenPornPack]
Product=XXXTeenPornPack
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware is added as "WindowsTaskMgr" to the systemstart and drops the files "taskmqr.exe" into the windowsdirectory and "taskreq.exe" into the systemdirectory.
[Tibs.ao]
Product=Tibs.ao
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan-Downloader loads a lot of other trojans and stuff like BraveSentry, Small.cxl, Smitfraud-C. etc. This may cause an unstable system and shutdowns.
[Win32.Lager.aq]
Product=Win32.Lager.aq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file taskdir.exe installs taskdir~.exe into the system32 folder, and runs in background. This file connects to the internet and downloads a file called scane.exe. taskdir.dll hides all files with a "taskdir" in their name. taskdir.exe checks every 5 seconds the hidden file index.dat in the TIF (Temporary Internet Files) folder. The users surfing behaviour can be found out that way. How to clear index.dat: http://www.zdnet.de/enterprise/os/0,39023494,20000261,00.htm
[SilentSpy]
Product=SilentSpy
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The spyware can install several files and store keystrokes, screenshots and websitetitles (s. Symantec). It also changes entries in the registry.
[Win32.Small.em]
Product=Win32.Small.em
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file runs in background. It stores the time, when the trojan is run in the registry. It has the ability to download files and execute them (s. Sophos for details).
[Axfibula]
Product=Axfibula
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Axfibula installs into some subfolders of the program files directory and tries to spy out users surf behaviour. It is part of a direct marketing application that probably loaded on your computer with some PSP software.
[SpywareDetector]
Product=SpywareDetector
Company=Max Secure Software
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareDetector seems to be in close relation to Smitfraud-C. It is installed together with Smitfraud-C. and pretends to be an anti virus solution. Scanning with SpywareDetector will return viruses found (that were installed before by SpywareDetector) but the user cannot remove them without buying the full version for about EUR 20. As SpywareDetector is often installed with Smitfraud-C. against the user's will, full alertness is essential.
[Virtumonde]
Product=Virtumonde
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Virtumonde copies itself to the system folder and creates a BHO. Virtumonde connects to malicious websites in background. It also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. Removal requires the computer to be disconnected from the internet and restarted after first scan and fixing session. If you need help with removal please contact Team Spybot S&D via forums or email.
[YazzleSnowball_Wars]
Product=YazzleSnowball_Wars
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=www.nictechnetworks.com
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file downloads from amaena.com, browse-rhighlights.com qwickfind.com and causes popups.
[Browsezilla]
Product=Browsezilla
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Browsezilla create Browsezilla -Directory, Desktop-Links, ProgramMenu-Section without giving the user a possibility to cancel that process.
[Dialer.GlobalAccess]
Product=Dialer.GlobalAccess
Company=Global Access Ltd.
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file is a dialer. There is a popup window which informs the user that he will be connected to the internet via the dialer for a specified fee and asks the user if he or she is legally using this dialer. There is a possibility not to get connected to the internet by clicking no. The file is copied to the user's desktop anyway.
[TeamTaylor.Screensaver]
Product=TeamTaylor.Screensaver
Company=Team Taylor
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a free screensaver , for example with pictures from jessica simpson
Privacy=
Description=on installation, while the eula is shown, multiple malware/spyware/trojans like Web Nexus , Media Motor and Internet Optimizer are being installed in background without authorisation. If the installation is aborted these malicious programs stay, if the installation is completed, the spyware Zango is also installed.%0D%0AZango actually installs first and uninstalls if the user decides to abort its installation.%0D%0A%0D%0A
[WildMedia]
Product=WildMedia
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Wild Media is a trojan that installs itself into the personal directorys of the user. When it is installed it tries to connect to the internet and waits for new orders to harm the computer. In some variants of Wild Media the Trojan hijacks the Internet Explorer.
[Zlob.XPasswordManager]
Product=Zlob.XPasswordManager
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a password manager for storing porno passwords
Privacy=
Description=like most applications affiliated with Zlob the stated function is not available. In this case, the software is usually expired. To avoid detection by anti-malwarescanners, the installerfiles get changed frequently.
[Win23.PE]
Product=Win23.PE
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Malware adds itself as a service to windows. The service is named pe386. It may also come disguised as a text file. Since the malware is added as a service it is started automatically with windows and runs in background.
[ConHook]
Product=ConHook
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ConHook ( BHO ) copies itself to the system folder (dll) and connects to the internet without giving the user a possibility to cancel that process. Can also download and execute unwanted software.
[SearchCentrix]
Product=SearchCentrix
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs BHOs and spoolsvv.exe is run on system startup. The naming for spoolsvv.exe
[Web-Nexus]
Product=Web-Nexus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Uses hidden processes, adds its files to systemstart and winlogon thus enabling it to start at any windows session. Web-Nexus is also able to reinstall itself without user consent if parts of it are disabled or removed. Very persistent.
[DyFuCA.InternetOptimizer]
Product=DyFuCA.InternetOptimizer
Company=Avenue Media
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=belongs to avenue media, installs without user consent, runs in background, changes its files regularly to evade detection.
[MediaMotor]
Product=MediaMotor
Company=Media Motor
Threat=Adware
CompanyURL=http://media-motor.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MediaMotor gets installed through trojan horses. It causes pop up windows on the desktop without user consent. It creates autorun entries in order to be launched on every Windows startup. It changes the Internet Explorer settings by adding the domain media-motor.net to the zonemaps.
[Perlink]
Product=Perlink
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader.
[AdStatus Service]
Product=AdStatus Service
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=gets installed without user consent through trojans, appears to be related to Windupdates which poses as Windowsupdate
[Banker-AJD]
Product=Banker-AJD
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Banker-AJD tries to spy on the personal banking information from brazillian users
[Bearshare]
Product=Bearshare
Company=Musiclab
Threat=PUPS
CompanyURL=
CompanyProductURL=http://www.bearshare.com/
CompanyPrivacyURL=
Functionality=supposed to be a free , adsupported client for the Gnutella p2p network
Privacy=
Description=running Bearshare requires the installation of Zango. Uninstalling Zango will disable Bearshare.%0D%0ADuring installation the checkbox for beeing "18 or older " is already checked, this is not a valid for an installer. Also the Bearshare Eula strangely forbidds members of phantom companies from using bearshare.%0D%0A%0D%0ABearshares website is also registered through domains by proxy which is also not a valid option for a proper company.%0D%0A%0D%0A
[Cimuz]
Product=Cimuz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs the mdms.exe and ipv4monr.dll in the windows directory and creates an autorun entry to be loaded on every startup. A BHO is created. Additionally it downloads further malware from troonety.biz. Information about the pc (host name, IP, country, ComID and OS) are stored in info.txt in the system directory. It contacted the server 213.248.55.196
[Command Service]
Product=Command Service
Company=Command desktop advertising
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as various friendly components with names like, keyboard, command service, defender
Privacy=
Description=while naming its files with unsuspecting names in systemstart, the files run in background, connect to the internet and use up most of the systems resources.%0D%0Aeverything is done without user consent nor his knowledge.
It starts every startup as a service and displays popups. You can just remove it with Spybot Search & Destroy in Windows Safe Mode.%0D%0A!!! Additional Removing instructions:%0D%0ADirectly after removing the service in Windows Safe Mode search for the command.exe. You find it in <WINDOWS directory>\*random characters directory*\command.exe. Now delete the folder where the command.exe is located in.
[CoolWWWSearch.Compstuic]
Product=CoolWWWSearch.Compstuic
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=installs Browser Helper Objects to redirect the Internet Explorer to CoolWWWSearch Websites
[KillAndCleanScanner]
Product=KillAndCleanScanner
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KillAndCleanScanner claims to be an antivirus solution that installs itself to the computer. When the user starts a scan KillAndCleanScanner finds some registrykeys that were created by the installation of KillAndClean and wants the user to delete them. When the user wants to delete these keys by clicking on "kill problems" he has to buy a licence.%0D%0AKillandCleanScanner seems to be related to other malware like Pipas.A and Smitfraud-C.
[Slogger]
Product=Slogger
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs an exe and dll file in the system directory with randomized characters. To be loaded on every startup it creates a key in ShellServiceObjectDelayLoad. The dll is registered as an COM object.
[SnapFiles-SoftForYouLogger]
Product=SnapFiles-SoftForYouLogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The SnapFiles-SoftForYouLogger records all keystrokes without the permission of the user. The program runs in a hidden mode in the background of the system so the user does not recognize that he is being spied on.
[ZenoSearch]
Product=Zeno
Company=Zeno Tecnico
Threat=Malware
CompanyURL=http://www.zenotecnico.com/
CompanyProductURL=http://www.zenotecnico.com/
CompanyPrivacyURL=http://www.zenotecnico.com/
Functionality=supposed to be a searchassistant
Privacy=By installing the Zeno Application, you drant permission for Zeno to periodically display targeted websites, to collect certain information, including the websites you visit and search queries you submit while conneted to the Internet, and to use that information as described herein. [...] it generates logs of your web browsing activity, including webpages you have visited [...]
Description=Connects to the internet without user┤s permission. Creates systemstart entries and runs in the background and logs your browsing behaviour. Systemstart entries have names like "BrowserUpdateSched" which conceals its true identity.
Description=Installs an IE Browser Helper Object and delivers advertisement and promotional information while the user is surfing through the Internet. Also collects various information about the user like IP address, his operating system and so on.
Functionality=The WhenUSearch Browser Toolbar provides immediate access to powerful Internet search capabilities, while delivering contextually relevant text-based offers, discounts, and coupons.%0D%0A%0D%0AUnlike traditional search toolbars, WhenU's unique contextual slider continuously presents you with non-intrusive text-links embedded within the browser toolbar as you continue to navigate the Internet.%0D%0A%0D%0A
Privacy=By downloading the WhenUSearch Toolbar ("the Toolbar"), you give permission to WhenU.com, Inc. ("WhenU") to display relevant contextual information and offers. The Toolbar selects which ads and offers to show you based on several factors, including: which webpages you visit, search terms you use while searching online, your local zip and/or country code, and content of the webpages you view. The Toolbar displays contextual ads and offers in the form of rotating text links accessible from within the application.%0D%0A%0D%0AThe Toolbar protects your privacy by uploading a database of content in small chunks to your desktop and then determining on your desktop whether to retrieve information from WhenU or third-party servers. To protect your privacy, the same database of content is sent to all desktops. Decisions regarding which advertising and offers to retrieve are processed on your computer desktop. In this way, WhenU is able to deliver to you relevant coupons, information and advertisements without establishing any profile about you (even anonymously) on WhenU servers.%0D%0A%0D%0AYour privacy is also protected in the following manner: %0D%0A%0D%0A1) Your personally-identifiable information is not required in order to use the Toolbar. WhenU does not know your individual identity and does not attempt to discern it in any way.%0D%0A%0D%0A2) As you surf the Internet, your "clickstream data" (i.e. a log of all the sites you visit) is not transmitted to WhenU or any third party server. (Although impressions and click-throughs that contain indicia of browsing activity are transmitted each time an ad is served, as described below, these communications are never linked to personally identifiable information and are otherwise carefully designed to protect your privacy.)%0D%0A%0D%0A3) WhenU does not assemble any personally-identifiable browsing profiles of you or your individual machine.%0D%0A%0D%0A4) WhenU does not assemble any anonymous machine-identifiable browsing profile of you or your machine.%0D%0A%0D%0A5) WhenU does not track which ads and offers you see as an individual user ù all of our analysis and tracking of ads is done in the aggregate.%0D%0A%0D%0AThe Toolbar does send back certain information from your desktop in order to count the number of users in our network and optimize the performance and relevancy of the ads. For example, when an offer is displayed to you in the Toolbar and whenever you click on such an offer, the Toolbar sends WhenU a communication that may include information about the webpage you were viewing before you saw or clicked on a particular ad. WhenU has intentionally designed these communications back to WhenU to be highly protective of user privacy, in the following ways:%0D%0A%0D%0A(a) Each individual desktop is assigned an anonymous, unique machine ID. This machine ID is used only to enable WhenU to count unique, active desktops in the network. The machine ID is not used to determine which ads to serve individual users or to create browsing profiles of users.%0D%0A%0D%0A(b) When ads are requested and/or displayed by the Toolbar, impressions and click-throughs, including the factor (e.g., the URL, the keyword, or the search term, or some combination thereof) that caused the ad to be displayed are reported to WhenU. Because the Toolbar's advanced functionality is designed to display ads whenever contextually-relevant activity is detected, a continuous series of impressions and click-throughs may be transmitted to WhenU.com's servers as you surf the Internet. To protect your privacy and prevent WhenU or any third party from assembling individual user profiles or knowing which Web sites you visit, your unique machine ID is intentionally excluded from any communications sent back to WhenU that may include a URL or such other browsing-specific information.%0D%0A%0D%0AThe Toolbar does not place any cookies on your desktop. It is possible that a third party advertising on our network might place a cookie on your desktop. If you wish to opt-out from third party cookies, please click on the following link and follow the instructions: http://www.networkadvertising.org/optout_nonppii.asp.%0D%0A%0D%0AWhenU.com may update this privacy statement at any time. WhenU is committed to serving highly relevant, contextual coupons and offers, while still providing consumers with industry-leading privacy protection. More information about the software is available here, or for any further questions about our privacy policy please email privacy@whenumail.com.%0D%0A
Description=like WhenU.Search.DesktopToolbar, this connects right after installation to the internet using search.exe , which connects every 63 seconds.%0D%0Ait is also registered in Systemstart. it connects to server from whenU%0D%0Athe toolbar appears in IE and connects to a server from whenu every 63 seconds. --> search.exe gets started with the Toolbar%0D%0Ausing the searchfunction starts search.exe if it has been deactivated.%0D%0A %0D%0Asearch.exe does not close , when IE closes. --> it continues to establish connection to akapp.whenu.com , intervals can vary between 60-63seconds
Functionality=The WhenUSearch Desktop Toolbar provides immediate access to powerful Internet search and navigation functionality, while delivering contextually relevant text-based offers, discounts, and coupons.%0D%0A%0D%0AUnlike traditional browser toolbars, WhenU's unique desktop toolbar allows you to have quick access to the Internet, search and email without ever opening a browser window.%0D%0A%0D%0AAdditionally, the contextual slider continuously presents you with non-intrusive text-links embedded within the toolbar as you continue to navigate the Internet.%0D%0A%0D%0A
Privacy=By downloading the WhenUSearch Toolbar ("the Toolbar"), you give permission to WhenU.com, Inc. ("WhenU") to display relevant contextual information and offers. The Toolbar selects which ads and offers to show you based on several factors, including: which webpages you visit, search terms you use while searching online, your local zip and/or country code, and content of the webpages you view. The Toolbar displays contextual ads and offers in the form of rotating text links accessible from within the application.%0D%0A%0D%0AThe Toolbar protects your privacy by uploading a database of content in small chunks to your desktop and then determining on your desktop whether to retrieve information from WhenU or third-party servers. To protect your privacy, the same database of content is sent to all desktops. Decisions regarding which advertising and offers to retrieve are processed on your computer desktop. In this way, WhenU is able to deliver to you relevant coupons, information and advertisements without establishing any profile about you (even anonymously) on WhenU servers.%0D%0A%0D%0AYour privacy is also protected in the following manner:%0D%0A%0D%0A1) Your personally-identifiable information is not required in order to use the Toolbar. WhenU does not know your individual identity and does not attempt to discern it in any way.%0D%0A%0D%0A2) As you surf the Internet, your "clickstream data" (i.e. a log of all the sites you visit) is not transmitted to WhenU or any third party server. (Although impressions and click-throughs that contain indicia of browsing activity are transmitted each time an ad is served, as described below, these communications are never linked to personally identifiable information and are otherwise carefully designed to protect your privacy.)%0D%0A%0D%0A3) WhenU does not assemble any personally-identifiable browsing profiles of you or your individual machine.%0D%0A%0D%0A4) WhenU does not assemble any anonymous machine-identifiable browsing profile of you or your machine.%0D%0A%0D%0A5) WhenU does not track which ads and offers you see as an individual user ù all of our analysis and tracking of ads is done in the aggregate.%0D%0A%0D%0AThe Toolbar does send back certain information from your desktop in order to count the number of users in our network and optimize the performance and relevancy of the ads. For example, when an offer is displayed to you in the Toolbar and you click on such an offer, the Toolbar sends WhenU a communication that may include information about the webpage you were viewing before you saw or clicked on a particular ad. WhenU has intentionally designed these communications back to WhenU to be highly protective of user privacy, in the following ways:%0D%0A%0D%0A(a) Each individual desktop is assigned an anonymous, unique machine ID. This machine ID is used only to enable WhenU to count unique, active desktops in the network. The machine ID is not used to determine which ads to serve individual users or to create browsing profiles of users.%0D%0A%0D%0A(b) When ads are requested and/or displayed by the Toolbar, impressions and click-throughs, including the factor (e.g., the URL, the keyword, or the search term, or some combination thereof) that caused the ad to be displayed are reported to WhenU. Because the Toolbar's advanced functionality is designed to display ads whenever contextually-relevant activity is detected, a continuous series of impressions and click-throughs may be transmitted to WhenU.com's servers as you surf the Internet. To protect your privacy and prevent WhenU or any third party from assembling individual user profiles or knowing which Web sites you visit, your unique machine ID is intentionally excluded from any communications sent back to WhenU that may include a URL or such other browsing-specific information.%0D%0A%0D%0A
Description=search.exe connects every 63seconds to a server from WhenU and loads searchfallback.exe%0D%0A%0D%0Atoolbar can be installed without users permission with bundled software%0D%0A%0D%0Atoolbar can attempt internetaccess without user consent%0D%0A
[AdsAlert]
Product=AdsAlert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdsAlert claims to be a antispyware solution and if it is installed on the computer, it finds some entrys as malware which are totally harmless. When the user tries to fix these problems he has to buy a licence and so the programs tries to frighten users by showing false positives.
Description=This is beeing flagged if the Windows Firewall is deactivated through policies. If you disabled Windows Firewall yourself, you can ignore this.%0D%0A
[Spabot]
Product=Spabot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Creates autorun etnries to be loaded on every windows start. Installs itself in the regsitry and sets the spoolsvv.exe on the list of authorized Applications to bypass the windows firewall. It contracts a remote server and downloads additional malware. It logs the user┤s working behavior in a log file (c:\sbot.log)
[SystemDoctor2006]
Product=SystemDoctor2006
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This startup entry is started automatically in Autorun in the registry, copies itself to the system folder without giving the user a possibility to cancel that process. Also downloads and installs Smitfraud-C., Huntbar, Tango etc.
[PlayPartyPocker]
Product=PlayPartyPocker
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PlayPartyPocker is a BHO connecting to de.partypoker.com, generates desktop icon
[Downloader.Tsupdate.L]
Product=Downloader.Tsupdate.L
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloader.Tsupdate.L connect to the internet without giving the user a possibility to cancel that process and downloads Network Monitor, YazzleSnowball_Wars, Zlob.CommandService, Targetserver etc.
[AdwareFinder]
Product=AdwareFinder
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware tool and a proper IE toolbar with security options and searchengine
Privacy=
Description=AdwareFinder is not operational, it does start the gui but does not scan or protect the computer in any way, even filepaths are made wrong.%0D%0AThe toolbar is only partly operational, searchengine only shows sponsored links, which are very questionalble because the search for antispyware tools leads to malicious antispyware vendors like SpywareBot
[AdMedia]
Product=AdMedia
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads files, intalls a BHO and ClassIDs in the registry. Most things are known adware or related to it.
[Adware Pro]
Product=AdWare Pro
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Adware Pro claims to be a antispyware solution and if it is installed on the computer, it finds some entrys as malware which are totally harmless. When the user tries to fix these problems he has to buy a licence and so the programs tries to frighten users by showing false positives.
[ADS-Remover]
Product=ADS-Remover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ADS-Remover claims to be a antispyware solution and if it is installed on the computer, it finds some entrys as malware which are totally harmless. When the user tries to fix these problems he has to buy a licence and so the programs tries to frighten users by showing false positives.
[AdwareAlert]
Product=AdwareAlert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdwareAlertT claims to be a antispyware solution which do not detect any kind of malware. AdwareAlert is the same app as SpywareBOT which is a bad copy of Spybot Search & Destroy.
[AdwareSheriff]
Product=AdwareSheriff
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdwareSheriff claims to be an antivirus solution and is spread by very aggressiv advertisment. If the program finds any problems on the system the user has to buy a licence of AdwareSheriff to fix these. Additionally it is very difficult to remove AdwareSheriff if it is installed on the computer.
[AgentSpyware]
Product=AgentSpyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AgentSpyware claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence. When he tries to close the application it pops up every few seconds and tries to convince the user to buy it.
[Easy-Spyware-Killer]
Product=Easy-Spyware-Killer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Easy-Spyware-Killer claims to be an antivirus solution and if it is installed on a totally clean computer it finds some "bad" entrys. If the user wants to fix these entrys he has to buy a licence.
[EyeSpyNow]
Product=EyeSpyNow
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EyeSpyNow is a keylogger that records all keystrokes of the user. The user is not able to recognize that because the keylogger runs in a hidden mode in the background of the system. Additionally the keylogger takes screenshots of every window the user opens.
[Goodbye-Spy]
Product=Goodbye-Spy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Goodbye-Spy claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[KillSpy]
Product=KillSpy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KillSpy claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[PC-Health-Plan]
Product=PC-Health-Plan
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PC-Health-Plan claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[SpywareBOT]
Product=SpywareBOT
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareBOT claims to be an antispyware solution which do not detect any kind of malware. The name and slogan is copied from Spybot - Search & Destroy and so they try to bluff users that try to get the real antispyware tool. SpywareBOT is the same app as AdwareAlert
[Spy Sheriff]
Product=Spy Sheriff
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program creates a picture and sets it as desktop wallpaper. This wallpaper contains a warning that the computer is infected with viruses and that it would be impossible to keep on working without running an antivirus application. At the same time an Active Desktop from CWS with a dubious search page is placed over the wallpaper. Besides CWS, TIBS and other programs it also downloads a pseudo antivirus scanner named Spy Sheriff that will find the virus (that it created itself). But in order to remove the virus one has to purchase the full version at a price of aboout 20 EUR. Furthermore some files in the System32 folder are hidden by which the virus protects itself from being found. These files are visible in Windows Safe Mode. At the moment Spybot-S&D fixes these files when running on the next system startup.
[Microsoft.WindowsSecurityCenter_disabled]
Product=WindowsSecurityCenter_disabled
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=if the Windows Security Center is disabled this entry will be shown
Privacy=
Description=Malware can disable the Windows Security Center to make your System more vulnerable.%0D%0A%0D%0AIf you have other security software suit installed, this may also deactivate the Windows Security Center to avoid double warning messages.
[ISearchTech.ISTsvc]
Product=ISearchTech.ISTsvc
Company=ISearchTechnologies
Threat=Malware
CompanyURL=http://isearchtech.com/
CompanyProductURL=http://www.ysbweb.com/
CompanyPrivacyURL=
Functionality="IST has developed a product aimed at both the surfer and the webmaster in the form of an addictive Internet Explorer toolbar. Designed by the webmaster, it brands the webmaster's website and creates surfers loyalty too.%0D%0A%0D%0AThe toolbar can be built and distributed through a highly effective affiliate program aimed at the webmaster or anyone that is willing to cash-in their traffic by distributing IST products."
Privacy=not stated
Description=This piece of malware connects to internet and installs ISTsvc.%0D%0AIt does not state required information.%0D%0AISearch Technologies tends to use several exploits to install its software without user consent.%0D%0AThe file istsvc.exe is running in the background and is being added to system startup.
[Vcodec.5StarVideos]
Product=Vcodec.5StarVideos
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Windows Media Player codec, namely Mediacodec or ZipCodec.
Privacy=
Description=Trojan files offered on fraud xrated site. One variant is a rogue codec program, called ZipCodec. User is misleaded with "Window Media Player is unable to play movie file. Click here to download new version of codec." This is a member of the Zlob.Downloader family. Other 5Star mediacodec variant downloads severall trojan files and generates an autorun entry.
[Citofarera]
Product=Citofarera
Company=
Threat=Dialer
CompanyURL=http://www.archiviosex.net
CompanyProductURL=
CompanyPrivacyURL=
Functionality=It's a dialer.
Privacy=
Description=Italian dialer programm. Generates autorun entries, changes zonemaps, drops severall webpage links and icons. Related to Sfonditalia and Sgrunt dialer.
[ParallelTasking]
Product=ParallelTasking
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This startup entry is started automatically in Autorun in the registry, creates a folder named "Parallel Tasking" without giving the user a possibility to cancel that installation process.. Also download others objects.
[CoolWWWSearch.SearchToolbar]
Product=CoolWWWSearch.SearchToolbar
Company=CoolWWWSearch
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SearchToolbar installs a browser toolbar (BHO). Also download WebDialer,FindSpy.A, CoolWWWSearch etc.
[Adware-Patrol]
Product=Adware-Patrol
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Adware-Patrol claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[Doctor-Adware-Pro]
Product=Doctor-Adware-Pro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Doctor-Adware-Pro claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[ETD-Security-Scanner]
Product=ETD-Security-Scanner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ETD-Security-Scanner claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[Pestbot]
Product=Pestbot
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Pestbot claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[ScanSpyware]
Product=ScanSpyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ScanSpyware claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[SpyDestroy-Pro]
Product=SpyDestroy-Pro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyDestroy-Pro claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[Spyware-Soft-Stop]
Product=Spyware-Soft-Stop
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyDestroy-Pro claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[Trojan-Guarder]
Product=Trojan-Guarder
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan-Guarder claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[AstaKiller]
Product=AstaKiller
Company=
Threat=Trojan
CompanyURL=http://asta-killer.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This startup entry is started automatically and copies more files to the windows system folder. It installs a Toolbar in IE-Explorer. Also it always connects to the internet without giving the user a possibility to cancel that process. It downloads Avenue A, Command Service, Network Monitor, Smitfraud-C, Smitfraud-C.Toolbar888, Targettsaver,Downloader.Tsupdate.L, Zlob-Familie, Look2Me_RG etc.
[KillAV.HostsMgr]
Product=KillAV.HostsMgr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=according to filename this trojan poses as an unsuspecting programm named Hostsmanager
Privacy=
Description=on execution the trojan shows no action on screen, it works in the background and runs a hidden batchfile it creates to disable antivirus products, rename its own files and remove them to delete its tracks.%0D%0A%0D%0A
[Related-Search-Defender]
Product=Related-Search-Defender
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Related-Search-Defender hijacks the Internet Explorer and shows popups when the user types special keywords by google.de .
[SearchToolbarCorp.ToolbarVision]
Product=SearchToolbarCorp.ToolbarVision
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be some searchtoolbar for the Internet Explorer
Privacy=
Description=Installs without user consent. Searchresults are malicious. Gets installed through other trojans.
[Smitfraud-C.Toolbar888]
Product=Smitfraud-C.Toolbar888
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Smitfraud-C.Toolbar888 is connecting to malicious website without giving the user a possibility to cancel that process.%0D%0AIt also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. If you need help with removal please contact Team Spybot S&D via forums or email.%0D%0A
[SpyHeal]
Product=SpyHeal
Company=
Threat=Malware
CompanyURL=http://www.spyheal.com/
CompanyProductURL=http://www.spyheal.com/
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software.
Privacy=
Description=Rogue antispyware software with inadequate detection patterns. Successor of SpywareQuake. Registration links to spywarequake.com
[SpyQuake2]
Product=SpyQuake2
Company=
Threat=Trojan
CompanyURL=http://www.spywarequake.com/
CompanyProductURL=http://www.spywarequake.com/
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software
Privacy=
Description=Successor of SpywareQuake (version 2.3). Official demoversion appears to install normally but finds a lot of false positives, most likely intentional to make user buy the full product.%0D%0AStealthinstall version gets installed with Vcodec/ Zlob, also capable of reinstall via winlogon hijack and viruswarning popup.%0D%0A
[Win32.Qoologic]
Product=Win32.Qoologic
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Qoologic copies exe and dll files to Windows and windows\System folder.%0D%0AWin32.Qoologic connects to the Internet without giving the user a possibility to cancel that process and downloads others objects.
[WinFixer]
Product=WinFixer
Company=Innovative Marketing, Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to fix various system malfunctions in windows, such as corrupt files, registry entries and so on
Privacy=
Description=advertising:%0D%0AAggressive advertising using flash to bypass popupblockers. Advertising LIES about the users computer beeing infected and/or corrupted.%0D%0A%0D%0Ainstallation:%0D%0Aduring installation of the trial version, there is absolutely no display of any license or user agreement. An encrypted connection is being established to reliablestats.com without any notice nor question for user consent.%0D%0A%0D%0Asystemscan with winfixer shows more than 100 "severe Threats" on a clean test system , the "scans" are usually completely overexaggerated.%0D%0A%0D%0Asubsequent scans may show a difference in scanresults, without changes made to the system.%0D%0A%0D%0Atrial version does not allow fixing, instead a connection to trial.updates.winsoftware.com is established without any notice nor question about user consent.%0D%0A%0D%0Auninstallation also causes a connection to reliablestats.com again with no user consent nor notice.%0D%0A
[X-Con-Spyware-Destroyer]
Product=X-Con-Spyware-Destroyer
Company=Indigo Rose
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=X-Con-Spyware-Destroyer claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[X-Spyware]
Product=X-Spyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=X-Spyware claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a licence.
[Zlob.Foro]
Product=Zlob.Foro
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=disquises itself as Microsoft files like userinit.exe and lsass.exe
Privacy=
Description=filepaths are different, fileinformation is faked: Company name "Microsoft Corporation." . The real Company name ist without the dot at the end.%0D%0Athe trojan files run in background and connect to the internet without any user consent.
[Zlob.AudioCat]
Product=Zlob.AudioCat
Company=
Threat=Trjoan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=disguises as audiodriver or msn file%0D%0A%0D%0A
Privacy=
Description=uses unsuspecting filenaming like mns.exe which sounds like msn.exe, and systemstartentry audiocat.%0D%0A%0D%0Aif executed the trojan connects to the internet without user consent nor display and downloads itself again, and adds the new renamed file to the systemstart.
[180Solutions.Iyus-M]
Product=180Solutions.Iyus-M
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=180Solutions.Iyus-M copies dangerous exe and dll files to the Windows and windows\system folder.
[2Search]
Product=2Search
Company=
Threat=Adware
CompanyURL=http://2search.org/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It contacts servers and downloads additional bad software. It installs an Browser Helper Object which loads on every Internet Explorer startup and displays alternative webpages which are similar to the entered user┤s adress.%0D%0AIt also logs user┤s surfing bahavior in a log file.
[91Cast]
Product=91Cast
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n.a.
Privacy=n.a.
Description=This application is responsible for popup windows (from www.itunion.com). There is no lincense agreement shown, while installing, just a hint that 0.9 will be installed. This is not shown when installed by Win32.Agent.se.
[Amiboide]
Product=Amiboide
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor of the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[Amitis]
Product=Amitis
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Amitis is a trojan builder + client + server with which one can take over complete control of a remote computer.
[AOLTrojan]
Product=AOLTrojan
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor of the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[Asassin]
Product=Asassin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor of the computer and so the computer is very insecure and can be exploited by attackers from the internet. When the attacker connects to the trojan, he can spy out keystrokes, visited websites and see all personal information.
[BackAge]
Product=BackAge
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor of the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[Baigoo.a]
Product=Baigoo.a
Company=Baigoo
Threat=PUPS
CompanyURL=www.baigoo.com
CompanyProductURL=www.baigoo.com
CompanyPrivacyURL=
Functionality=n.a.
Privacy=n.a.
Description=The file installs a BHO (a toolbar) without user consent. Several changes are made in the registry, an autorun entry makes sure the application is run on system startup. You can get rid of the software using Spybot S&D or the unistaller, which works allright.
[Bandook]
Product=Bandook
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor of the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[Beast]
Product=Beast
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor of the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[Boran.g]
Product=Boran.g
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n.a.
Privacy=n.a.
Description=There is no license agreement shown while installing. This program installs BHOs and makes entries in the registry. It can be responsible for popup windows with advertising.
[Caishow]
Product=Caishow
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n.a.
Privacy=n.a.
Description=This adware product is part of an adware bundle installed by Win32.Agent.se. There are several .exe files and BHOs installed into an extra program directory.
[CoolWWWSearch.Toolband]
Product=CoolWWWSearch.Toolband
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This toolbar registers as a browser helper object (BHO) without user consent.%0D%0AIt appears to use known established searchsites, but it also secretly uses different searchsites when the user clicks the "links" added by this toolbar.%0D%0AThese links refer to a useless searchsite, the mainsearch itself is also useless. The searchsites are unsuited for minors.%0D%0A%0D%0AThe library of the BHO also refers to a site registered to a known member of the CWS group.
[EngeryPlugin]
Product=EngeryPlugin
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware does not show up on install, thus installing itself secretly.%0D%0AIt runs in background and adds itself to systemstart.%0D%0AThe EnergyPlugin.exe has the property hidden and is not visible in standard Windows configuration.%0D%0AEnergyPlugin connects secretly to the internet and contacts various websites
[EvilEye]
Product=EvilEye
Company=EvilEye
Threat=Trojan
CompanyURL=http://www.evileyesoftware.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The software is designed to create trojans.
Privacy=DISCLAIMER: LogIT is written for educational purposes only. %0D%0AThe author(s) of LogIT will in no way be held responsible for any %0D%0Adamages caused by the negligent use of this software.%0D%0A%0D%0AWARNING: If this is an undetected version and you have bought it %0D%0Afrom anyone using anything but the official contact addresses on %0D%0Awww.evileyesoftware.com at any time during your purchasing of the%0D%0A product then it is a fake because they do not have source! Type %0D%0A"corleone" (without speech marks) in box below to accept this agreement.
Description=The software itself may not be a trojan but it does create trojans, and since evileye is producing similar software constantly the line "for educational purposes" is just a try to push the responsability to the "user".
[HB.RichMedia]
Product=HB.RichMedia
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Disguises as a winrar executeable archive.
Privacy=
Description=HB.RichMedia installs a browser helper object (BHO) without user consent. It runs its files in background and adds itself to systemstart. It also appears to have serverfunctions
[IEHelper.e]
Product=IEHelper.e
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n.a.
Privacy=n.a.
Description=Installs IEtoolbar keys in the registry which may cause trouble. It is known to be part of Adware. (see: http://support.microsoft.com/default.aspx?scid=kb%3Bde%3B289849) The adobeplayer rootclass connects to a server and saves activity to the files bootval.dat and datinfo.dat in the Windows directory which may be manually deleted.
Functionality=IM Names is free desktop software that will allow you to find great screen names for MSN, Yahoo or AOL%0D%0A
Privacy=
Description=In the help section of their homepage you can read the following: Does IM Names come with spyware or other harmful applications? %0D%0ANo! IM Names Does Not Contain Spyware or harmful applications. ...%0D%0ABut it installs the 2Search Adware against user┤s will and explicit consent.
[Look2Me]
Product=Look2Me
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Look2Me variants include browserhijacking, popup-advertising, and trojan-downloading.%0D%0A%0D%0AFilenames are changed frequently to avoid detection.%0D%0A%0D%0ANormally Look2Me is installed without user consent.
[LttLogger]
Product=LttLogger
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=LttLogger version 1.0%0D%0A%0D%0AAuthor:LttCoder%0D%0AHomepage: Http://www.opensc.ws , Opensc.cjb.net%0D%0AE-mail: ltt_coder@hotmail.com%0D%0A%0D%0AThanks to:%0D%0Asatan_addict%0D%0AFlippMode%0D%0ARead101%0D%0AChe%0D%0AJ3n7il%0D%0AFc%0D%0AAphex%0D%0A%0D%0Aand my beta testers:%0D%0Athe unblockable%0D%0ATHEBITTER%0D%0A
Description=The Keylogger records all keystrokes that are made by the user. The program runs in a hidden mode in the background and so the user cannot see that he gets spied out
[Tencent]
Product=Tencent
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Tencent is a company producing some IM products such as QQ.
Privacy=[...]We will ask you when we need information that personally identifies you ("Personal Information") or allows us to contact you. Generally, this information is requested when you are registering QQ or other on-line services. Personal Information collected by Tencent often is limited to your name, sex, age, birthday, ID number, address, educational level, information of your employer company, profession and your hobbies etc.[...]%0D%0APlease note that Tencent allows other companies that are presenting advertisements or researching users' response to advertisements on some of our pages to set and access their cookies on your computer.%0D%0AAdvertisers' and researchers' use of cookies is subject to their own privacy policies, not Tencent's privacy statement. [...]
Description=Application is installed without user consent. Includes .exe files, autorun entries, registry entries and a BHO.
[Trickle.Gator]
Product=Trickle.Gator
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trickle.Gator connects to the internet without showing any information about that, actually it runs completely in background and connects to various gator websites. Sending and receiving information not shown to the user.
[WB.Hider]
Product=WB.Hider
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This browser helper object (BHO) installs itself secretly and connects to the internet without user consent.
[Win32.Agent.se]
Product=Win32.Agent.se
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n.a.
Privacy=n.a.
Description=Downloader-Agent for Adware. Downloads several chinese adware products.
[WinAntiVirusPro2006]
Product=WinAntiVirusPro2006
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinAntiVirusPro2006 copies dll to system and exe- and dll-file to the System-folder, create "WinAntiVirusPro 2006"-folder.%0D%0AThis startup entry is started automatically from AutoRun ("WinAntiVirusPro2006") in the registry and downloads and executes some install files
[Aest]
Product=Aest
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Aestcopies itself to harddisk without giving the user a possibility to cancel that process. Whe Aest is installed on the computer the computer is in a great danger for attacks through the internet
[Win32.Agent.y]
Product=Win32.Agent.y
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Nurvel.a connect to the internet without giving the user a possibility to cancel that process.
[Win32.Nurvel.a]
Product=Win32.Nurvel.a
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Nurvel.a connect to the internet without giving the user a possibility to cancel that process.
[DigitalNames]
Product=DigitalNames
Company=Novags
Threat=Malware
CompanyURL=http://www.novags.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs a windows service and an autorun entry to be loaded on every windows start. It contacts the server 222.239.74.153 and tries to update itself. It tries to bypass firewalls by inserting the server domain in an authorized section in the registry.
Description=Xupiter.Sqwire hijacks the IE startpage .It also adds many bookmarks to the IE favorites.%0D%0AIt contacts its websites and downloads further files. The uninstaller does not work at all.
[Clearsearch.Net]
Product=Clearsearch.Net
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file connects to a sever and tries to download files. There are files with different names, which run in background and slow down the system. When several files are run at the same time, they are able to restart each other.
[FunWebProducts]
Product=FunWebProducts
Company=Focus Interactive , Inc.
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=FunWebProducts is supposed to install funny icons or smileys.
Privacy=We do not collect any personally identifiable information (such as names or email addresses) about users of the Software or the Web Sites ("you"), unless you specifically decide to provide such information (such as by emailing a help request to us or when registering to use the My Info feature, as described below). We do not sell, rent or trade any personally identifiable information you provide when using the Software or the Web Sites.%0D%0A%0D%0AWhen you visit the Web Sites, we may place a small text file-called a "cookie"-on your computer that allows us to identify your Web browser. We use cookies to improve the quality of our service, and to store your preferences and settings. Importantly, a cookie does not allow us to obtain any personally identifiable information (such as your real name or address) unless you have specifically provided such information when using the Web Sites or the Software.%0D%0A%0D%0AWe also capture your source IP address which is a standard practice for most internet sites. We in no way associate your IP address with any cookies and do not use your IP address in conjunction with any personally identifiable information.%0D%0A%0D%0AIf any of the Web Sites or the Software is ever sold or all or substantially all of the assets relating to a Web Site or the Software are transferred to another entity, we may transfer all information provided by or collected from you, including personally identifiable information, in order to ensure continuity of your service.
Description=This trojan does install the described items and a lot of more applications the user did not ask for.%0D%0AIt is also detected as trojans by various antivirus scanners because it does not clearly state what it brings along.%0D%0A%0D%0A
[HomelandNet.DL]
Product=HomelandNet.DL
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a desktop security notifier from a so called security website concerned about us security.
Privacy=
Description=depending on variant the software from homelandnetwork connects to the internet without user consent and uses variable ports to do so.%0D%0Athe more malicous variant builds up more than 600 connections to various IP adresses, it also infects numerous exe-files and connects to the internet as a WebDav client.
[DiaRemover]
Product=DiaRemover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program claims to be an antispyware solution. After a scan a popup appears and says that the computer is infected with spyware, even when the scan finds nothing. DiaRemover seems to be the same fraud application as SpywareSheriff.
[E2Give]
Product=E2Give
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware downloads numerous files from the internet, it is perpetually running in the background and fills the computer with all kinds of garbage.In addition to this it can also be used as a keylogger.
[Vcodec.Intcodec]
Product=Vcodec.Intcodec
Company=Intcodec.com
Threat=Malware
CompanyURL=http://www.intcodec.com/
CompanyProductURL=http://www.intcodec.com/
CompanyPrivacyURL=
Functionality=IntCodec is a multimedia compressor/ decompressor which registers into the Windows collection of multimedia drivers and integrates with any application using Direct Show and Microsoft Video for Windows.
Privacy=
Description=Program claims to be a media codec, but it is a malware downloader. Installs a library which is a popup alert: "Your computer is infected." Downloads a SpywareQuakeInstaller file.
[BankAsh]
Product=BankAsh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Saves information about users programms and emails in log-file (Windir\logs-Directory), also installs a BHO. All is done without user consent.
Functionality=Booked is silently installed with other software (e.g. MThree MP3 to WAV).
Privacy=Disclaimer of Warranties. ALL SERVICES AND SOFTWARE PROVIDED BY BOOKEDSPACE ARE PROVIDED %0D%0A"AS IS." BOOKEDSPACEAND ITS AFFILIATES, SUBSIDIARIES, PARENT COMPANIES, AGENTS, NETWORK %0D%0ASERVICE PROVIDERS, PARTNERS, OR EMPLOYEES MAKE NO WARRANTY TO YOU OR ANY OTHER PERSON OR %0D%0AENTITY, WHETHER EXPRESS, IMPLIED, OR STATUTORY, AS TO THE DESCRIPTION, QUALITY, TITLE, %0D%0ANONINFRINGEMENT, MERCHANTABILITY, COMPLETENESS, OR FITNESS FOR A PARTICULAR USE OR PURPOSE %0D%0AAS TO THE SERVICES OR SOFTWARE PROVIDED TO YOU, OR AS TO ANY OTHER MATTER, ALL SUCH WARRANTIES %0D%0AHEREBY BEING EXPRESSLY EXCLUDED AND DISCLAIMED. YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR %0D%0AYOUR USE OF THE SOFTWARE OR SERVICES. NEITHER BOOKEDSPACE NOR ANY OF ITS AFFILATES, SUBSIDIARIES, %0D%0APARENT COMPANIES, AGENTS, NETWORK SERVICE PROVIDERS, PARTNERS, OR EMPLOYEES WARRANTS THAT %0D%0ATHE SOFTWARE OR SERVICES WILL BE FREE FROM ANY VIRUS OR OTHER CODE THAT IS CONTAMINATING OR %0D%0ADESTRUCTIVE BY NATURE AND YOU ARE RESPONSIBLE FOR IMPLEMENTING AND MAINTAINING SUFFICIENT %0D%0APROCEDURES TO SATISFY YOUR PARTICULAR REQUIREMENTS FOR ACCURACY OF DATA INPUT AND OUTPUT %0D%0AAS WELL AS PROTECTION FROM SUCH VIRUSES OR OTHER CODE THAT MAY CONTAMINATE OR DESTROY YOUR %0D%0ASYSTEM OR DATA.
Description=BookedSpace is a BHO that displays ads. The URLs of visited pages can be sent to third parties in combination with a user ID.%0D%0ABookedSpace may also download and install other third-party software (malware). It is installed without user consent.
[NewWeb]
Product=NewWeb
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If NewWeb is installed on the system the user will get a lot of unwanted popups and advertising when he is surfing the web. NewWeb runs in a hidden mode in the background of the system and there is no normal way to uninstall the application.
Functionality=monitoring Internet activity, harddisk (s. PurityScan)
Privacy=Several PROMOTIONAL CONSOLES (daughter console/interstitial) may be launched for the duration of time you spend online. These consoles may continue to be launched as long as you have PurityScan installed on your machine. PurityScan does not monitor the activities or collect information from users once they have left PurityScan.%0D%0AWe may use customer contact information from the registration form to send the user information about our company and promotional material from some of our partners. The customer's contact information may also be used to contact the visitor when necessary and shared with other companies who may want to contact our visitors. Demographic and profile information may also be used to tailor the visitor's experience at our site, showing them content that we think might interest them. We may disclose information you enter during the join process to third parties.
Description=The file has the ability to monitor every Internet or harddisk activity. May show the user content that PurityScan thinks might interest the user. (s. privacy.) Basically the privacy policy does not protect the users privacy at all.
[MaxFiles]
Product=MaxFiles
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Ipwins.exe is run in background on system startup. The directory with the files is downloaded by some Adware-Trojans (e.g. Win32.Agent.y). The directory with all files is installed without any user consent. Ipwins.exe has the ability to download whole websites and save them on the system.
[AntispywareSoldier]
Product=AntispywareSoldier
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntispywareSoldier is related with Smitfraud-C. which often shows you popups telling you that your computer is infected with spyware. If you click on these popups AntispywareSoldier gets downloaded and the user cannot cancel the process. Once installed it finds a lot of problems that all are brought to you by AntispywareSoldier. When the user wants to solve these problems he has to buy a licence.
[Daily Toolbar]
Product=Daily Toolbar
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Daily Toolbar gets installed by Smitfraud-C. and directs your Internet Explorer to some dangerous websites.
[MaxSearch]
Product=MaxSearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MaxSearch is a toolbar in the Internet Explorer which is installed against the will of the user. By clicking on this toolbar the user is linked to dangerous websites. The toolbar includes an uninstall-function, but these function does not remove the toolbar completly.
[Huntbar.Web Search]
Product=Huntbar.Web Search
Company=IBIS, LLC
Threat=Spyware
CompanyURL=http://www.websearch.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The WebSearch Toolbar is a free web search and navigation service that works directly within the Internet Explorer.
Privacy=IBIS SERVICE MAY COLLECT AND STORE INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, THE "CLICKS" YOU MAKE, THE IP ADDRESS, URL AND COUNTRY OF THE SITES YOU VISIT, YOUR IP ADDRESS, INFORMATION ABOUT YOUR BROWSER AND OPERATING SYSTEM, AND THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE SERVICE.
Description=A toolbar that collects information about the web pages you view. Not fully compatible with internet Explorer 5. Basically privacy violation.
[Kuaiso.a]
Product=Kuaiso.a
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file changes startpage and searchpages of the Internet explorer, installs a BHO and the Kuaiso toolbar. It also changes security settings of the Internet explorer.
[LetsCool.Wallpaper]
Product=LetsCool.Wallpaper
Company=www.letscool.cn Inc.
Threat=PUPS
CompanyURL=http://www.letscool.cn/
CompanyProductURL=http://www.letscool.cn/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The application is installed without license agreement or user consent and changes your desktop wallpaper every few minutes. Therefore there are about fifteen bitmaps downloaded from pic.letscool.cn and stored in the program directory. Also, a BHO is installed with some .exe for e.g. updates.
[MarketDart]
Product=MarketDart
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File may hijack Browserpages and an autorun entry is made to run file on system startup. When run, the program tries to connect to the internet without user consent.
[Win32.Small.fb]
Product=Win32.Small.fb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs Winsock Lsps (this can cause hijacking and/or spying on all networkconnections). It also connects to the internet without user consent.
[Krepper-G]
Product=Krepper-G
Company=Searchportal
Threat=Malware
CompanyURL=
CompanyProductURL=http://wm.kannylizaciya.info/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Connects over smtp (email) to the internet (wm.kannylizaciya.info) and sends information to mailspool.freeuk.net and other mailingservers.%0D%0APlease restart your pc after "fixing problems" and scan again with Spybot to delete the leftovers.%0D%0AWebsite is not acvtive any more.
[SurfAccuracy]
Product=SurfAccuracy
Company=SurfAccuracy Inc.
Threat=Spyware
CompanyURL=http://www.surfaccuracy.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It displays advertisement popups during surfing the web. An autorun entry affects that it starts on every windows startup. I updates itself without users interaction. It also sends information of your surfbehaviour to surfaccuracy.com (e.g webpages you visit and word you search for at google)
[WSearch]
Product=WSearch
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs a BHO which runs on every Internet Explorer start. During surfing the internet new IE windows are loaded with ads. It also downloads further files from the internet. Autorun entries are created, too.%0D%0AAdditionally the uninstaller does not work correctly, it leaves the BHO and other entries in the registry and also its program folder.
[IGetNet.WinStart]
Product=IGetNet
Company=IGetNet, LLC
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware can install silently in background, it does not show up on screen but installs a file in systemdirectory and starts this file at Systemstart. The installed WinStart001.exe also connects to the internet in background.%0D%0AAll of this is done without user consent.
[VX2.NetPal]
Product=VX2.NetPal
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some usefull toolbar for the Internet Explorer
Privacy=
Description=Installation completes without showing any EULA/Privacy Policy. There is no option to cancel the installation nor to uninstall after installation. VX2.NetPal registers itself as a browser helper object for the Internet Explorer but does not show itself. If the Internet Explorer connects to the internet, the "toolbar" connects to fixed ip to retrieve data from there.
[WPA_Reset5]
Product=WPA_Reset5
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to hide the WPA notifications from MS if the version of Windows is not activated.
Privacy=
Description=Reset5 adds itself to the Winlogon and as a service to get started with every boot . It appears to do some resetting of the Windows Product Activation, this may cause that Windows has to be reactivated again.%0D%0AThere is no option to uninstall Reset5, and since it constantly runs in background , is not controllable by the user and can cause him to active his/her copy of Windows a multiple times it is considered possibly unpopular software (PUPS).
[Zlob.BigDown]
Product=Zlob.BigDown
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be Microsoft msconfig
Privacy=
Description=once executed Zlob.BigDown connects to the internet in background, downloading additional Malware, deleting the entries in the hosts file and all favorites in the IE, it also removes the start and searchsites in the IE.%0D%0AAdditionally it displays a locally installed html-document on the desktop , warning that Spyware has infected the computer and advertises for RazeSpyware. It may also add icons for online casinos.%0D%0ARemoval requires the user to log off and log in again or reboot.
[Virtual Bouncer]
Product=Virtual Bouncer
Company=
Threat=Trojan
CompanyURL=http://www.spywarelabs.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Virtual Bouncer is supposed to kick malicious applications.
Privacy=
Description=This trojan gets installed without user consent. It warns the user in case that malware is installed.%0D%0AIf the user wants VirtualBouncer to remove the "found" malware he will have to pay.%0D%0ABecause of this and its habit to connect to the internet without user consent, Virtual Bouncer is categorized as Trojan.%0D%0A%0D%0AIt also installs AdDestroyer which is supposed to block ads, which does not happen.
[Downloader.Dstart]
Product=Downloader.Dstart
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloader.Dstart copies exe-files to the Windows and System folder. Also downloads AdultStore, TIBS, CoolWWSearch.Yexe, EffectiveBandToolbar, Mailbot etc.
[Mirar]
Product=Mirar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Mirar connects to the internet, downloads and installs an IE-Toolbar without giving the user a possibility to cancel that process.%0D%0AStarts automatically via Autorun and copies itself to the system folder
[Pacimedia.BHO]
Product=Pacimedia.BHO
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Gets installed by Pacimedia without user consent.
[StartPage.NK]
Product=StartPage.NK
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=StartPage.NK connects to the internet and downloads Elitum.EliteBar, Pokapoka without giving the user a possibility to cancel that process.
[Win32.Dldr]
Product=Win32.Dldr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Dldr connects to the internet and downloads Huntbar.Web Search, Peper, StartPage.NK without giving the user a possibility to cancel that process.
[GoldSpy]
Product=GoldSpy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GoldSpy copies msxlop.dll to the system folder and installs a browser helper object without user consent.
[Win32.Agent-gen.cws]
Product=Win32.Agent-gen.cws
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan includes CoolWWWSearch.Feat2Installer, CoolWWWSearch.Service and CoolWWWSearch.Feat2DLL%0D%0AThis Trojan installs through exploits, without user consent. It uses variable filenames and changes its filesizes and checksums frequently to avoid detection.%0D%0AIt is also capable of hiding its files in NTFS alternate data streams (ADS), so they can be reloaded if they have been deleted elsewhere.%0D%0ACoolWWWSearches has many function to reinstall and update itself , even if most of its parts have been removed.%0D%0AIt also creates multiple services to ensure that it stays on the users computer. CWS connects to the internet without user consent, downloads additional programs such as fraud antimalware software.%0D%0AIt can also hijack the Internet Explorer and may change the hostsfile to block proper antivirus websites and/or to enable access to malicious websites.
[LZIO.Small]
Product=LZIO.Small
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan downloader and adware installer.
Privacy=
Description=Trojan downloader which is installed via Internet Explorer exploits visiting malicious web pages. Program downloads executable files and installs them without user consent. Downwloaded files can%0D%0Abe adware or other trojan downloader files.%0D%0A%0D%0AThe trojan file is also known as: Trojan.Downloader.Small (BitDefender), AdWare.Win32.DownloadWare (Kaspersky), Trojan/Dldr.Small (AntiVir).
[Banker.Delf]
Product=Banker.Delf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs itself into the windows directory and creates an autorun entry to be loaded on every startup.Banker.Delf is installed he waits for new orders to harm the computer.
[Windows.Security.InternetExplorer]
Product=Windows.Security.InternetExplorer
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The key "HKEY_CURRENT_USER,"\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN" (standard value is 1 with SP2) determines the ability to perform certain actions for local websites, i.e. websites saved on harddisk.
Privacy=
Description=The value is set to 0 (zero) by some malicious applications in order to deminish the security settings for the zone "local computer". (see http://msdn.microsoft.com/security/productinfo/XPSP2/securebrowsing/locallockdown.aspx for details)
[Banker.R]
Product=Banker.R
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan installs itself without user consent and starts itself at Systemstartup. Its files are named so that they can be confused with legit Windowsfiles.
[CashDeluxe]
Product=CashDeluxe
Company=CashUnlim Solutions
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It downloads malware from its website, and installs a browser helper object (BHO) which loads on every Internet Explorer startup. Addtionally it creates many bad files in the system directory.%0D%0AAdditinal removal information: Start your computer in safe mode and scan with Spybot - Search & Destroy.
Functionality=Targetsaver is secretly installed by iSearch Toolbar and I-Lookup.
Privacy=Overview%0D%0ATargetSaver gives Internet users the opportunity to use quality life-enhancing software such as "TargetWeather" and "QuickSweeper". These programs can be used free-of-charge in exchange for the right to display to the users advertisements that are relevant to their websurfing habits. These advertisemnents consist of coupons or money saving deals that are related to the types of websites the user is surfing, thus making sure that the user only sees advertisements that the user is interested in. By downloading any TargetSaver software, the user agrees to let TargetSaver display relevant contextual advertisements.%0D%0A%0D%0APersonal Information Storage and Identification%0D%0ATargetSaver does not store any personal information about users other than the industry standard non-personally-identifiable information such as which websites users visit, the IP address of the computer used to contact the TargetSaver webservers, and the user's browser version. A globally unique identifier is assigned to every user's computer in order to count unique installations and advertisement click-through logging. This ID is completely anonymous.%0D%0ATargetSaver does not use any cookies to track user activity; however, the advertisers websites that users may be directed to (via clicking on the advertisement) may use cookies to enhance the user shopping experience. TargetSaver recommends that the users review the privacy policies of these advertising sites and does not assume responsibility for the content on these sites.%0D%0A%0D%0AQuicksweeper and TargetWeather Privacy%0D%0ABoth the QuickSweeper and TargetWeather programs do not store any personally-identifiable information. TargetWeather stores the zip code information that the user supplies in order to display weather forecasts for this zip code.%0D%0A
Privacy=
Description=Targetsaver connects to its website and displays pop-ups thus making untroubled surfing impossible. It creates autorun entries to be loaded on every windows start. It also sends information about your system (e.g. name of your operation system) to targetsaver.
[PSW.Lineage]
Product=PSW.Lineage
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs itself into the windows directory and creates an autorun entry to be loaded on every startup. Banker.Delf is also installed and waits for new orders to harm the computer.
[PestTrap]
Product=PestTrap
Company=Popandopulos Ltd
Threat=Trojan
CompanyURL=http://www.pesttrap.com/
CompanyProductURL=http://www.pesttrap.com/
CompanyPrivacyURL=none
Functionality=supposed to be an antispyware software
Privacy=no privacy policy%0D%0A%0D%0Astatement in terms of use:%0D%0A"6. PRIVACY AND INFORMATION%0D%0AWe believe the privacy of all our users is important. Please review our%0D%0Aprivacy policy relating to the collection and use of your personal%0D%0Ainformation."%0D%0A
Description=installer may not work, installer attemps to download and install but fails miserably%0D%0Ainstaller is always modified to have a different checksum, which does not make sense for legal software of this kind, this can only have the purpose of making the installer harder to be detected by real protection software.%0D%0Acompany name ist not mentioned either in Eula nor in terms of use%0D%0A%0D%0Ait appears that the producer of the software claims to be using swedish jurisdiction while the website is registered to someone with a russian emailadress and being located in greece%0D%0Asame person and company as Spywaresheriff.
The program looks like an antivirus program. If it is installed at the computer it finds some malware which does not really exist and arrogates the user to buy a license of the program.
[Rightclick.Pcast]
Product=Rightclick.Pcast
Company=Rightclick
Threat=Trojan
CompanyURL=http://www.rightclick.com/au/
CompanyProductURL=http://www.pcast.com/
CompanyPrivacyURL=
Functionality=The file is an installer for pcast.
Privacy=
Description=The file connects to the internet and downloads setup.exe. This file is run and installs podcast (or pcast), a program designed for downloading images and movies from newsgroups. The Software is installed without user consent or any EULA shown. When installed, the program is instantly run and begins downloading images and displays them in a browserlike interface. There are entries in the registry, autorun and startup. Further there is a quicklaunch and a desktoplink. The program also changes some firewall settings in order to get unrestricted access to the internet. (This is not as stated on the webpage!). Obviously the name podcast is exploited.
[WinFixer2005]
Company=WinSoftware Inc.
Product=WinFixer2005
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=WinFixer is a data repair utility that nags the user to purchase.
Privacy=You may:%0D%0AA. make one copy of the WINFIXER 2005 for archival purposes, or copy the WINFIXER 2005 onto the hard disk of Your computer and retain the original for archival purposes for the period provided by WinSoftware Inc.;%0D%0AB. use the WINFIXER 2005 on a network, provided that You have a copy of the WINFIXER 2005 for each computer that can access the WINFIXER 2005 over that network for the period provided by WinSoftware Inc.; and%0D%0AC. purchase year subscription of WINFIXER 2005;%0D%0AD. be informed of any changes or updates regarding the WINFIXER 2005 by e-mail or any other contact method available for the period provided by WinSoftware Inc. by the time of Software downloading.%0D%0A%0D%0A2. Content Updates%0D%0ACertain WinSoftware Inc. products utilize content that is updated from time to time (antivirus products utilize updated virus definitions; content filtering products utilize updated URL lists; firewall products utilize updated firewall rules; vulnerability assessment products utilize updated vulnerability data, etc.; collectively, these are referred to as "Content Updates"). You may obtain Content Updates for any period for which You have registered a subscription for Content Updates for the WINFIXER 2005, downloaded a free copy, purchased upgrade insurance for the WINFIXER 2005, entered into a maintenance agreement that includes Content Updates, or otherwise separately acquired the right to obtain Content Updates. This license does not otherwise permit You to obtain and use Content Updates.%0D%0A%0D%0A3. Data Usage Consent%0D%0AYou agree that WinSoftware Inc. may collect and use technical information that You provide in connection with Your Use and request for technical support of the Product from WinSoftware Inc., however, WinSoftware Inc. will not use this information in a form that personally identifies You.%0D%0A%0D%0ADownloading free WINFIXER 2005 copy, you are not entitled to receive technical support nor the full functionality that comes with the Software until a license fee has been paid.
Description=WinFixer is a severely limited data repair utility that aggressively nags the user to purchase. It detects nonexistent critical errors on a PC.%0D%0A%0D%0A%0D%0A
[Fraud.ProtectionBar]
Product=Fraud.ProtectionBar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a protection toolbar for the Internet Explorer
Privacy=
Description=There is no Eula or pirvacy poliy shown during installation . Toolbar only has links to a trojanwebsite which advertises rogue or malicious antispyware/antivirus tools.
[ISearchTech.PowerScan]
Product=ISearchTech.PowerScan
Company=ISearch Technologies
Threat=Spyware
CompanyURL=http://isearchtech.com/
CompanyProductURL=http://www.powerscan.com/
CompanyPrivacyURL=
Functionality=ISearchTech.PowerScan scans the computer for porn files and implies that it is also able to remove them.
Privacy=
Description=powerscan_installer%0D%0Aconnects to internet without user consent.%0D%0AIf the user wants to remove porn related items (the xxxtoolbar cookie is found for example) and clicks on the button , the Internet Explorer opens and connects to the power cleaner website.%0D%0APower-cleaner costs about 30 $ and is advertised as a remover for pornfiles.%0D%0AIf Internet Explorer is closed two new windows with ads for power-cleaner open up.%0D%0A%0D%0APowerscan_uninstaller only removes the directory in <$PROGRAMFILES> and the AutoRun Entry, the rest remains.%0D%0A
[Search.AnyOfUs]
Product=Search.AnyOfUs
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware runs in background and creates favorite links to various sites, including adult content. All links are redirected to a malicious searchsite.
[Zlob.HostsKill]
Product=Zlob.HostsKill
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware deletes the entries in the hostsfile except for localhost. Normally the hosts file is empty but can have malicious hosts redirected to localhost to block access to them. Emptying the hosts file will enable access to formerly blocked malicious websites.
[Zlob.IERedir]
Product=Zlob.IERedir
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be Mircrosoft Internet Explorer HTML Replace and Microsoft PreRedirector
Privacy=
Description=Ieredir.exe runs in background and adds itself to Systemstart as IE Redir. Preredir also runs in background and deletes ieredir.exe. Both have faked fileversion information. They do not belong to Microsoft.
[Zlob.HomepageMonitor]
Product=Zlob.HomepageMonitor
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware gets installed silently with the Incodec trojan. It does not appear on screen but runs silently in background and adds itself as a browser helper object to the Internet Explorer and uses policies to start itself at systemstart.
[Zlob.Inverse]
Product=Zlob.Inverse
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=hides its files from the WindowsAPI, thus making them invisible. Also adds its files to the systemstart via Winlogon, which enables its files to be started at any Windowsboot. Removal is very difficult from within a running Windowssession.
[EbayBil.F]
Product=EbayBill.F
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EbayBill.F installs itself into the system directory of the operating system and tries to spy on personal user data. It is spread by email and looks like a very expensive ebay bill
[LinkMaker]
Product=LinkMaker
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LinkMaker installs without user consent into the system directory of the computer and contacts a dangerous website by surfing to each normal domain. If the user types special key words popups with advertising appear.
[Win32.Agent.I]
Product=Win32.Agent.I
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs into the system directory of the computer and runs in a hidden process in the background of the system. It then waits for new orders to harm the computer.
[DailyToolbar]
Product=DailyToolbar
Company=Authorized Search Agents Inc.
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Daily Toolbar gets installed by Smitfraud-C. and directs the Internet Explorer to some dangerous websites.
[Deskbar]
Product=Deskbar
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Installs a deskbar on the right side of the taskbar.
Privacy=
Description=The tool "Deskarbuilder" makes it very easy to create new toolbars that appear on the right side of the taskbar. But lots of these toolbars get installed automatically without users permission. Utilizing these toolbars to perform a search often ends up in malicious websites
[AdMoke.a]
Product=AdMoke.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=File is supposed to be a downloader.
Privacy=
Description=As most trojans, this one does not do as supposed. It is supposed to be a dowloader but does not download these on user request.
[Troj.RPCS]
Product=Troj.RPCS
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a remote procedure call system from Microsoft
Privacy=
Description=This trojan, makes the user believe that it is a Microsoftfile to get executed. It will then register itself as a service to start itself at every Systemstart. It also starts the Internet Explorer in background.%0D%0A
[MySpaceBar]
Product=MySpaceBar
Company=MSBnetwork.net
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a must have toolbar for myspace users.
Privacy=
Description=MySpaceBar can be installed without any installationdialog, it appearently can be installed silently without user consent. Even the official installer nor the website do not show any EULA or privacy.%0D%0AThe toolbar requires a myspace.com account but is not related to myspace.com. When the IE is active with the Toolbar it constantly connects to an absolutely unrelated site.
[Microsoft.Windows.FileExe]
Product=Windows.FileExe
Company=
Threat=Hijacked Windows Setting
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This entry will show up if the filetype association for exefile has been changed. This can be done by trojans or malware which try to load their executable with any exe the user wants to start.
[Dmcast.Toolbar]
Product=Dmcast.Toolbar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=appears to be some kind of toolbar for the Internet Explorer
Privacy=
Description=Toolbar installs without user consent in background. It also has multiple processes running in background and is related to other chinese trojans, which sabotage the computers security systems.
[CN.wAQdN]
Product=CN.wAQdN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=this trojan runs in background, loads additional trojans from the internet, disables the Windows Security Center as well as common antivirus Software like McAfee and Norton.%0D%0AIt also hijacks the hostsfile and infects all locally saved html, htm and asp files. The trojan also changes the filetype association for exefiles and html files.%0D%0AIt uses various methods to get started at systemboot, such as registering itself as a service, starting via domainpolicies and systemstart entry.%0D%0A
[Hippy Notify]
Product=Hippy Notify
Company=Hippytyre
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Version 1.0:%0D%0AThe file editor.exe creates a server.exe trying to connect to ICQ using some parameters entered with the editor.%0D%0AThe file server.exe does also create an autorun entry, the values for this can also be modified, such as entry name and filename. The path appears to be alwas C:\Windows.%0D%0A%0D%0AVersion 2.0:%0D%0AThe file builder.exe creates the file server.exe which tries to connect via ICQ, parameters that can be changed are again filename, autorun entry name, ICQnumber, victim name and so on.%0D%0AThe server copies itself to the Windows folder.%0D%0APlease note that the names of the server and the autorun entry are variable.%0D%0A%0D%0AThe author hippytyre appears to be part of Nuclear Winter Crew.
[FakeEbayBill]
Product=FakeEbayBill
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FakeEbayBill is a trojan that pretends to be an ebay bill, it copies its exe file to the systemfolder. It also creates an autorun entry to get started at sytemboot.
[Win32.Hupigon.C]
Product=Win32.Hupigon.C
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.C opens UDP port 21 and several random TCP ports to listen for commands. The remote malicious user is able to use the program to conduct file operations.
[Zlob.ZCodec]
Product=Zlob.ZCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=%0D%0ALICENSE AGREEMENT %0D%0APLEASE READ THE FOLLOWING TERMS AND CONDITIONS AS CAREFULLY AS POSSIBLE BEFORE USING THIS PRODUCT. THIS IS A LEGALLY BINDING AGREEMENT WHICH REGULATES THE USE OF SOFTWARE, ISSUED TO THE CUSTOMERS FOR THEIR OWN USE ONLY AS SET FORTH BELOW. %0D%0AYOU ARE OBLIGED NOT TO USE THIS SOFTWARE OR ANY PART OF IT IN CASE YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS AGREEMENT.%0D%0AUSING ANY PART OF THE SOFTWARE CONFIRMS THAT YOU ACCEPT THESE TERMS. %0D%0A%0D%0ALICENSE GRANT: The software is made available to you for your non-commercial use only. The licsense is personal, limited, non-exclusive, non-transferable and non-assignable. This license does not entitle you to receive any hard-copy documentation, support, telephone assistance, or enhancements or updates to the software%0D%0A%0D%0AASSENT: By installing the software, you agree to all paragraphs of this this Agreement and that it is a legally binding and valid contract, agree to abide by the intellectual property laws and all of the terms and conditions of this Agreement, and further agree to take all necessary steps to ensure that the terms and conditions of this Agreement are not violated by any person or entity under your control or in your service. %0D%0A%0D%0ARESTRICTIONS: %0D%0A%0D%0A1. You are obliged not to copy, modify, merge, sell, lease, redistribute, assign or transfer the software or any of its part in any matter%0D%0A2. You may not reverse engineer, decompile, or disassemble the software, except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation.%0D%0A3. You may not remove, alter, deface, overprint or otherwise obscure Licensor patent, trademark, service mark or copyright notices. %0D%0A4. You warrant that you will use the software only for lawful purposes and in accordance with this Agreement, and that you will not use the software in violation of any law, regulation or ordinance or any right of Licensor or any third party.%0D%0A%0D%0ATERM: This Agreement is effective until terminated. You may terminate this Agreement at any time by uninstalling the Licensed Works and destroying all copies of the Licensed Works. Upon any termination, you agree to uninstall the Licensed Works and return or destroy all copies of the Licensed Works, any accompanying documentation, and all other associated materials. %0D%0A%0D%0ASEPARATION OF COMPONENTS. The software is licensed as a single product. Its component parts may not be separated for use on more than one computer.%0D%0A%0D%0AWARRANTIES AND DISCLAIMER: EXCEPT AS EXPRESSLY PROVIDED OTHERWISE IN A WRITTEN AGREEMENT BETWEEN LICENSOR AND YOU, THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR THE WARRANTY OF NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, LICENSOR MAKES NO WARRANTY THAT (1) THE LICENSED WORKS WILL MEET YOUR REQUIREMENTS, (2) THE USE OF THE LICENSED WORKS WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (3) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE LICENSED WORKS WILL BE ACCURATE OR RELIABLE, (4) THE QUALITY OF THE LICENSED WORKS WILL MEET YOUR EXPECTATIONS, (5) ANY ERRORS IN THE LICENSED WORKS WILL BE CORRECTED, AND/OR (6) YOU MAY USE, PRACTICE, EXECUTE, OR ACCESS THE LICENSED WORKS WITHOUT VIOLATING THE INTELLECTUAL PROPERTY RIGHTS OF OTHERS. SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY MAY LAST, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. IF CALIFORNIA LAW IS NOT HELD TO APPLY TO THIS AGREEMENT FOR ANY REASON, THEN IN JURISDICTIONS WHERE WARRANTIES, GUARANTEES, REPRESENTATIONS, AND/OR CONDITIONS OF ANY TYPE MAY NOT BE DISCLAIMED, ANY SUCH WARRANTY, GUARANTEE, REPRESENATION AND/OR WARRANTY IS: (1) HEREBY LIMITED TO THE PERIOD OF EITHER (A) THIRTY (30) DAYS FROM THE DATE OF OPENING THE PACKAGE CONTAINING THE LICENSED WORKS OR (B) THE SHORTEST PERIOD ALLOWED BY LAW IN THE APPLICABLE JURISDICTION IF A THIRTY (30) DAY LIMITATION WOULD BE UNENFORCEABLE; AND (2) LICENSOR'S SOLE LIABILITY FOR ANY BREACH OF ANY SUCH WARRANTY, GUARANTEE, REPRESENTATION, AND/OR CONDITION SHALL BE TO PROVIDE YOU WITH A NEW COPY OF THE LICENSED WORKS. %0D%0AIN NO EVENT SHALL LICENSOR OR ITS SUPPLIERS BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT LICENSOR HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND ON ANY THEORY OF LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OF THE LICENSED WORKS. SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, SO THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. %0D%0A%0D%0ASOFTWARE TRANSFER. You may permanently transfer all of your rights under this EULA, provided the recipient agrees to the terms of this EULA.%0D%0A%0D%0AAll trademarked names mentioned in this document and software are used for editorial purposes only, with no intention of infringing upon the trademarks.%0D%0A%0D%0ANo part of this publication may be reproduced without written permission from the Licensor%0D%0A
Description=Zlob.ZCodec downloads other trojans and hijackers like Porn Hijacker, Prorat-D, Huntbar, Optra etc.
[ABetterInternet.DHCP]
Product=ABetterInternet.DHCP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan adds itself to the systemstart and pretends to be a "DHCP Hotfix". It also bypasses the WindowsFirewall. Appearently also connects to abetterinternet servers.
[Microsoft.Windows.Security.FirewallOpenPorts]
Company=Microsoft
Product=Windows.Security.FirewallOpenPorts
Threat=Security Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=These entries will be shown if some ports for the Windows Firewall have been opened. Usually these ports are closed, or opened by user reference. Normally opening ports is not recommended, allowing applications is better suited for most users. Malware and trojan may open the ports to enable remote access to an infected computer.
[Dialer_XX]
Product=Dialer_XX
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Illegal content dialer with many variations, that may install or run without user consent and/or do not clearly state the costs.
[Win32.Agent.h]
Product=Win32.Agent.h
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a BHO which tries to connect to a chinese website (wghome.cn) on IE-startup, both without user consent.
[Dotcomtoolbar]
Product=Dotcomtoolbar
Company=WorldToStart B.V.
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs an toolbar for the internet explorer and hijacks your Internet Explorer startpage and searchassistent.
[DialerPlatform]
Product=DialerPlatform
Company=DialerPlatform Ltd.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality='Supposed' to be a dialer.
Privacy=
Description=The file may download some files known to be part of Smitfraud or UpToFind.RelatedSearch. It is therefore a trojan horse and not, as the name may suppose, a dialer.
[qqHacker.IE-Bar]
Product=qqHacker.IE-Bar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file installs a BHO, which tries to download files from a chinese hackersite without asking the user. It also makes some entries in the registry.
[typereg32.IE-Bar]
Product=typereg32.IE-Bar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The file pretends to be an Active-X file.
Privacy=
Description=The file installs itself as a BHO and tries to connect to a remote server. It also makes some entries in the registry.
[Megasearch]
Product=Megasearch
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This toolbr downloads and installs masses of other trojan horses, hijackers and malware.
[Spionfrei]
Product=Spionfrei
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spionfrei claims to be a antispyware solution. When the user starts to scan the computer the software shows some dangerous problems that are false positives and wants the user to buy a licence otherwise he would not be able to fix the problem.
[TV Media]
Product=TV Media
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TV Media is a hijacker and also sends information into the internet.
[Naupoint]
Product=Naupoint
Company=Visicom Media inc.
Threat=HiJacker
CompanyURL=http://www.naupoint.com/
CompanyProductURL=http://naupoint.com/toolbar/
CompanyPrivacyURL=http://naupoint.com/toolbar/
Functionality=The Naupoint Toolbar is a toolbar for Internet Explorer that offers a popup blocker, web search, a dictionary, zoom function and some other features.
Privacy=12. UPDATES. You grant Naupoint.com permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. You also grant%0D%0ANaupoint.com permission to make any changes to the software and/or service provided at any time.,%0D%0A%0D%0A13. SERVER INTERACTION. You understand and accept that when the software is installed, it periodically comminutes with a server operated by Naupoint.com and/or third party servers.%0D%0A%0D%0A14. INFORMATION COLLECTION. You understand and grant Naupoint.com permission to assign each copy of the software an unique software identify code. You grant Naupoint.com permission to collect and store information on which toolbar buttons you click on and the search terms you entered on the toolbar.%0D%0A%0D%0A15. WEB SITES OPT OUT. You accept that persons who make information available on the Web do so with the expectation that such information will be publicly and widely available and will be indexed by information location tools such as search engines. You also accept that making links to publicly accessible web pages available from our Service is legally permissible and consistent with the common, customary expectations of those who make use of the Web. If access to a particular Web site is restricted, we will remove the link to that site from the Service at the site operatorÆs request. If, however, the operator of the site does not take steps to prevent it, Naupoint.com is likely to find it and index it again. Site operators should e-mail support@naupoint.com to have the link remove.%0D%0A
Description=Some variants are silently downloaded and installed by an active-X application as BHO for Internet Explorer. It can download and run software from the controlling server (naupoint.com). It also adds favorites , adds the site as startpage thus beeing a browser hijacker , redirects to its searchsite.
[Fake.Oleext]
Product=Fake.Oleext
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Files pretend to be valid Windows files for oleextension or wininit.dll
Privacy=
Description=The trojans fileinformation are faked to make the user execute the files.
[VX2.e.Favoriteman]
Product=VX2.e.Favoriteman
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This spyware installs in background as a browser helper object and secretly connects to its website when the Internet Explorer is started.%0D%0AIt transmits data without informing or asking the user.
[Hyperlinker]
Product=Hyperlinker
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Spyware gets installed without user consent and runs in background, it also connects to the internet without user consent.
[Instafin]
Product=Instafin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some valid toolbar
Privacy=
Description=This trojan gets installed through other trojans, it never asks the user for any kind of consent. It starts with the Internet Explorer and runs in background. It also connects as Visicom Toolbar and PostInstafin to its websites, this is done hidden from the user. Additionally the "toolbar" never shows up anywhere except for the uninstall menu. It appears that this trojans enables remote control of the infected computer.
[Smitfraud-C.MailBot]
Product=Smitfraud-C.MailBot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Microsoft Outlook Wabber
Privacy=
Description=This trojan gets downloaded and executed in background, it accesses the adressbooks for several email clients like Microsoft Outlook, Eudora and The Bat!%0D%0AIt also creates temporary files , runs them in backgroud. For example it creates a batch file named like itself and executes it with the command executive.%0D%0ASince the trojan also access libraries used for internet connectivity, it is likely to access the internet without the users knowledge when it has aquired a certain amount of data.%0D%0AMay use WMF exploit to enter the computer.
[Smitfraud-C.FakeProxyUpdate]
Product=Smitfraud-C.FakeProxyUpdate
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a http proxy update for the internet explorer
Privacy=
Description=This trojan is a faked Microsoft file, it enters the computer via security holes such as the WMF exploit. It will run in background, access the internet and create and delete temporary files.%0D%0A
[Media Tickets]
Product=Media Tickets
Company=Media Tickets
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=name lets user suggest, that it enables access to media.
Privacy=
Description=Trojan runs in background, and also starts the Internet Explorer in background to connect to its downloadservers.
[WMF Exploit.NewYear2006]
Product=WMF Exploit.NewYear2006
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as New Years Greeting Email Attached Picture or as a nerodll.exe
Privacy=
Description=connects to the internet and tries to download luckly.exe%0D%0Aalso opens the IE in background and connects it to the internet.%0D%0Aalso installs Fake.Wget Trojan%0D%0Acopies nerodll.exe into systemdirectory and enters the system through exploits like WMF
[Win32.Small.Act]
Product=Win32.Small.Act
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan copies its dll files to the system folder and runs without user consent
[DittoSideBar]
Product=DittoSideBar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DittoSideBar installs a BHO without user consent.
[Win32.LinkOptimizer]
Product=Win32.LinkOptimizer
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.LinkOptimizer installs a BHO without user consent.
[Win32.Feebs]
Product=Win32.Feebs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as windows files or unsuspicous files like hta files.
Privacy=
Description=while posing as unsuspecting files this trojan enters the computer and makes the user execute or overlook it, since it looks unsuspicous.
[VirusBurst]
Product=VirusBurst
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VirusBurst claims to be a antispyware solution and gets advertised by dubious popups. If it is installed on the computer, it finds some entrys as malware which are totally harmless. When the user tries to fix these problems he has to buy a licence and so the programs tries to frighten users by showing false positives.
[Bifrose.LA]
Product=Bifrose.LA
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Bifrose.LA is a trojan that installs itself into the windows directory and starts automatically by system startup. When the computer is connected to the internet the trojan tries to connect to a server and waits for new orders to spy out the user.
[Cartao]
Product=Cartao
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Cartao gets started automatically by the autorun value "msbb" in the registry, also it copies itself to the system folder and tries to damage the computer.
[Haxdoor.Ki]
Product=Haxdoor.Ki
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file contains a nasty payload that damages Windows beyond repair
[Win32.HacDef]
Product=Win32.HacDef
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.HacDef copies dll files to the system directory of the operating system and exe-files to the Windows-folder. Then it loads malicious software like SpySheriff, Win32.HacDef, Haxdoor-H
[Fake.Winupdates.WSCSVC_kill]
Product=Fake.Winupdates.WSCSVC_kill
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an update for Windows
Privacy=
Description=Runs in background and terminates the Windows Security Center to enable other malware to enter the computer.
[IRCBot.Player]
Product=IRCBot.Player
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some player embedded in webcode, that comes over IRC
Privacy=
Description=This trojan has no player functions. It runs in background and tries to access an IRC-client and open a channel.
[NousTech.UDefender]
Product=NousTech.UDefender
Company=NousTech Solutions Limited
Threat=Trojan
CompanyURL=http://nous-tech.com/
CompanyProductURL=http://www.udefender.com/
CompanyPrivacyURL=none
Functionality=supposed to be a 100% clean number 1 rated antispyware software
Privacy=
Description=product appears to be overall as Innovagest2000 Software, which are also used only for fraud.%0D%0A%0D%0Ashows nonexistent Critical Spyware Objects on users Computer and also counts 3 Items as 7
[Intexp.D]
Product=Intexp.D
Company=Intexp.D
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Intexp.D creates several entries in the registry and is so started automatically by the system startup. When the user tries to connect to the internet the trojan tries to connect to a server and waits for new orders to harm the computer.
[Win32.Agent.AVK]
Product=Win32.Agent.AVK
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Win32.Agent.AVK copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user
[Win32.Small.BKF]
Product=Win32.Small.BKF
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.BKF redirects hundreds of pages to a very malicious search page.
[AccountMaker]
Product=AccountMaker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AccountMaker copies various files to the system folder and tries to connect to the internet without giving the user a possibility to cancel that process.
[AdvancedSearchBar]
Product=AdvancedSearchBar
Company=
Threat=Malwate
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdvancedSearchBar installs a SearchBar into the Internet Explorer without giving the user a possibility to cancel that process.
[Win32.Avkiller]
Product=Win32.Avkiller
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.AvKiller creates various autorunentrys with vaiable values. Additionally it copies itself to the root folder and duplicate itself with other names.
[MuKill]
Product=MuKill
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file opens port 666 for TCP/IP and lowers this way the security of the system. It saves the IP-address of the pc to a specified file.
[Win32.Small.asf]
Product=Win32.Small.asf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file operates without user consent. It runs in background and creates a lot of registry entries.
[Win32.Agent.rk]
Product=Win32.Agent.rk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The original files delete themselves but have the ability to copy themselves. Functions of spyware are included such as looking for running processes or harddisk parameters. Tr-con.exe runs cmd.exe in background every time it is run and lowers the performance of the system.
[SCKeylogger]
Product=SCKeylogger
Company=Soft-Central
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It logs users surf and working behavior. Also all running processes are stored in that logfile. Additionally an TCP port is opened with the remote IP 67.28.113.71. It creates autorun-entries in the registry to be loaded on every windows start up.
[Win32.Agent.AGF]
Product=Win32.Agent.AGF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.AGF copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Banload.BHI]
Product=Banload.BHI
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Banload.BHI copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Win32.Small.doi]
Product=Win32.Small.doi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.doi copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Zlob.iCodecPack]
Product=Zlob.iCodecPack
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and install various third-party spyware and malware to infected computers
[Zlob.HQCodec]
Product=Zlob.HQCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.Small.czl]
Product=Win32.Small.czl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.czl copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Win32.Small.js]
Product=Win32.Small.js
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file copies itself as ddraw.exe into the system directory and also installs a file called ddraw posing as files for Microoft Direct Draw.
[Zlob.MSSearch]
Product=Zlob.MSSearch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Microsoft search software
Privacy=
Description=Disquises itself as a file from Microsoft to make the user execute the file. While executed it does not show up on screen an runs in background adding itself to kernel.dll in policies to get started hidden with any systemstart.
[IEFeatinstaller]
Product=IEFeatinstaller
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some feature installer for the internet explorer
Privacy=
Description=it runs in background and connects to the internet in background, it connects to a predefined ip adress and removes itself after that.
[Fake.WinsDriver]
Product=Fake.WinsDriver
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a win32 driver or wins driver
Privacy=
Description=This trojan runs in background and installs itself to multiple locations in systemstart, it also installs itself as a service and names itself win32 driver or wins driver.
[Win32.Adloaod.gw]
Product=Win32.Adload.gw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Win32.Adload.gw copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user.
[DropSpam]
Product=DropSpam
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DropSpam claims to be a solution against spam but if the user installs it, DropSpam tries to connect to the internet and downloads a lot of trojans and malware. The privacy of DropSpam is insufficiently and the checkbox for accepting it is already selceted so the user can not disagree to it easily
[IconDropper]
Product=IconDropper
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IconDropper drops a lot of malicious icons on the desktop and so the user can infect easily with trojans. IconDropper is in close relationship with DropSpam, another malicious software.
[Tarma]
Product=Tarma
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Tarma copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user
[Win32.Agent.AWM]
Product=Win32.Agent.AWM
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Win32.Agent.AWM copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user
[Win32.Viking.V]
Product=Win32.Viking.V
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Win32.Viking.V copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user
[Win32.Agent.AVS]
Product=Win32.Agent.AVS
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Win32.Agent.AVS copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user
[WinSmurf]
Product=WinSmurf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinSmurf is a tool which creates trojans that can harm other computers
[RegFreeze]
Company=
Product=RegFreeze
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegFreezer claims to be a antispyware solution and if it is installed on the computer, it finds some entries as malware which are totally harmless. When the user tries to fix these problems he has to buy a licence and so the programs tries to frighten users by showing false positives.
[Win32.Delf.JKH]
Product=Win32.Delf.JKH
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.JKH copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Amircivil]
Product=Amircivil
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
This Malware adds itself to the Systemstart and installs itself without user consent.
[DeskMate.Tahni]
Product=DeskMate.Tahni
Company=
Threat=Trojan
CompanyURL=Oska Educational Systems Pty Ltd.
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse adds itself to systemstart and connects without user consent to the internet.It also downloads other trojan horses and malware like Zlob , SurfSideKick, Smitfraud-C.
[CastGen]
Product=CastGen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse downloads other malware and trojans like ClimaxBucks.InternetOptimizer, Avenue Media and Media-Motor without user consent.
[Win32.Downloader.Wzip32]
Product=Win32.Downloader.Banload.aoo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse poses as Winzip and adds itself as such in the systemstart. It also downloads other malware like ClientMn and Win32.Downloader
[Autodialer]
Product=Autodialer
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The dialer builds up an expensive connection to a german provider without informing the user about the fees.
[Axis]
Product=AXIS
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The dialer builds up an expensive connection to a german provider without informing the user about the fees.
[BD Internet Billing]
Product=BD Internet Billing
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This dialer tries to establish a connection (foreign call) to a server in australia. The connection gets started in a hidden mode in the background of the system without user permission.
[BTV Industries]
Product=Superdialer
Company=BTV Industries
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BTV Industries is a company which developes dialer that try to build up an expensive dial up connection without informing the user about possibe fees.
[Cbit-Solutions]
Product=Cbit-Solutions
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Cbit-solutions is an illegal dialer that tries to establish expensive connections. The user cannot see how expansive these dial-up connection is and so he will not recognize in what danger he could be.
[ConnectMePlus]
Product=ConnectMePlus
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Italian dialer tries to establish an expansive connection without informing the user about the special fees. So the user cannot see how expansive a connection is.
[Consul-Info B.V]
Product=Consul-Info B.V
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=4. Fⁿr den Verlust von Daten und Programmen und deren Wiederherstellung haftet Consul-info B.V nur in dem aus vorstehenden AbsΣtzen ersichtlichen Rahmen und auch nur insoweit, als dieser Verlust nicht durch angemessene Vorsorgema▀nahmen des Users vermeidbar gewesen wΣre.%0D%0A%0D%0A5. Consul-info B.V ⁿbernimmt keine Haftung fⁿr die fremden Internet-Inhalte, auf die der User mittels der Einwahl-Software zugreifen kann.%0D%0A%0D%0A6. Die HaftungsbeschrΣnkungen gemΣ▀ vorstehenden AbsΣtzen gelten sinngemΣ▀ auch zugunsten der Mitarbeiter von Consul-info B.V sowie deren Beauftragten.%0D%0A%0D%0A %0D%0A%0D%0AIV. Beanstandungen%0D%0A%0D%0A1. Beanstandungen bezⁿglich des Zahlungssystems richten Sie bitte an:%0D%0A%0D%0A%0D%0AConsul-info B.V%0D%0A't Rond 72%0D%0A2711 BZ Zoetermeer%0D%0AThe Netherlands%0D%0A%0D%0AE-Mail: info@consul-info.com%0D%0A%0D%0A%0D%0AUnbeschadet kⁿrzerer gesetzlicher Pflichten mⁿssen alle Ansprⁿche aus oder im Zusammenhang mit der Nutzung der Zahlungssysteme oder dieser AGB innerhalb eines Jahres nach ihrer Entstehung gerichtlich geltend gemacht werden oder sie sind fⁿr immer ausgeschlossen.%0D%0AFⁿr Streitigkeiten aus oder im Zusammenhang mit der Nutzung der Zahlungssysteme sind die Gerichte in Amsterdam / Niederlande ausschlie▀lich zustΣndig, sofern Sie Kaufmann sind, keinen festen Wohnsitz in Deutschland haben, Ihren Wohnsitz oder gew÷hnlichen Aufenthaltsort nach Wirksamwerden dieser AGB in das Ausland verlegt haben oder Ihr Wohnsitz bzw. gew÷hnlicher Aufenthaltsort zum Zeitpunkt der Klageerhebung nicht bekannt ist.%0D%0A%0D%0A2. Beanstandungen, die die Produkte / Angebote betreffen, richten Sie bitte an den auf der jeweiligen Seite zu findenden Anbieter."%0D%0A%0D%0A %0D%0A%0D%0AV. Salvatorische Klausel%0D%0A%0D%0ASollten einzelne Bestimmungen ganz oder teilweise unwirksam sein oder werden, so bleiben die AGB im ▄brigen gleichwohl gⁿltig. Unwirksame Bestimmungen sind so anzupassen, dass sie den Vorstellungen der Parteien am nΣchsten kommen. Dies gilt auch fⁿr den Fall einer von den Parteien nicht gewollten Regelungslⁿcke.%0D%0A%0D%0A%0D%0A%0D%0AVI. Schlussbestimmungen%0D%0A%0D%0ADiese Allgemeinen GeschΣftsbedingungen werden vom User durch die erstmalige Installation der Einwahl-Software unwiderruflich und vorbehaltlos anerkannt.%0D%0A%0D%0A%0D%0A%0D%0AEnde der Vertragsinformationen der Consul-info B.V.%0D%0A
Description=The Consul-Info B.V dialer connects to expensive toll numbers without user awareness.
[Dataline]
Product=Dataline
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Dataline dialer establishes an expensive connection to the USA without informing the user about the special fees.
[DerBiz]
Company=
Product=DerBiz
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program installs a data communication connection with which the user connects to its own provider. This causes high tolls. At the same time the program redirects IE to the provider's web site and the user is unable to change the homepage
[Netvision]
Product=Netvision
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The dialer connects to expensive toll numbers without user awareness.
[New Media]
Product=New Media
Company=New Media
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=NEW MEDIA B.V.%0D%0A%0D%0AWalsoordensestraat 72%0D%0AWalsoorden, KD 4588 NL%0D%0ANiederlande%0D%0AFax: +31 114 68 72 78%0D%0A%0D%0Akundenservice@erotic-world.nl%0D%0A%0D%0AVersion: 2.60.68.095%0D%0AID: 006550%0D%0A%0D%0AHash: %0D%0A AC 96 09 EF 5F 60 1B 3B AE 97 D6 08 6E 3E 9E 42 89 2B DE AB%0D%0A
Description=New Media establishes an expensive connection to a 0190 number (EUR 1,98/min) without clearly informing the user.
Privacy=one2bill GmbH%0D%0APostfach 1320%0D%0A85626 Grasbrunn%0D%0A%0D%0ADetailed information on the contract (in German) can be found here:%0D%0Awww.one2bill.de/Dialer-AGB
Description=One2Bill establishes an expensive connection to a 0900 number (0900/90001530) without informing the user about the special fees.
[Phonerdial]
Product=Phonerdial
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The dialer connects to expensive toll numbers without users awareness.
Description=Establishes an expensive connection to 0190 numer (EUR 1,86/min) without users awareness.
[TripleSexoes]
Product=TripleSexoes
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=CONTRATO (Importante, leer)%0D%0A%0D%0Aíí Gracias por usar nuestro programa y BIENVENIDO al Contenido mßs caliente de la red !!%0D%0A%0D%0AA travΘs de tu PC podrßs acceder a los mejores espectßculos de sexo en vivo,%0D%0Atener los chats en directo mßs calientes, y muchos otros contenidos de lo mßs atrevido.%0D%0A100% an≤nimo, sin ninguna referencia personal (Sin n·mero de tarjeta de crΘdito) %0D%0A%0D%0APOR FAVOR RECUERDA:%0D%0A---------------------------------------%0D%0A╖ No hay tarifa de registro %0D%0A╖ Sin censura%0D%0A╖ Sin informaci≤n bancaria%0D%0A╖ Sin password%0D%0A%0D%0AInstrucciones y avisos:%0D%0A---------------------------------%0D%0ASi no eres mayor de 18 a±os, no puedes usar nuestro servicio para adultos.%0D%0ACon nuestro producto serßs conectado directamente a nuestra red de Internet,%0D%0Aseg·n la ubicaci≤n de tu paφs.%0D%0A%0D%0AImportante:%0D%0A----------------%0D%0AUsando la conexi≤n de este programa, tu PC finalizarß la conexi≤n del m≤dem%0D%0Ao tarjeta RDSI con tu Proveedor de Internet y establece una nueva conexi≤n%0D%0Aa nuestra RED PRIVADA.%0D%0A%0D%0ATu m≤dem o tarjeta RDSI marcarß un telΘfono de tarificaci≤n especial 906 y%0D%0Aestablecerß una conexi≤n telef≤nica con nuestra red privada de Internet. %0D%0A%0D%0AS≤lo se te va cobrar por esta llamada el precio establecido en los n·meros de tarificaci≤n%0D%0Aespecial 906 nivel 3.%0D%0A%0D%0AHora norm. 0,91Ç min + 0,1Ç establecer la llamada mas 16% IVA%0D%0AHora red. 0,85Ç min + 0,1Ç establecer la llamada mas 16% IVA%0D%0A%0D%0APor favor comprueba en tu compa±φa telef≤nica el precio exacto de la llamada%0D%0A%0D%0AEste serß el ·nico coste que tendrßs que pagar. Este coste depende de la hora en la que estΘs conectado.%0D%0APara determinar el coste exacto por minuto de la llamada, contacta con tu compa±φa de telΘfono.%0D%0ATu factura telef≤nica reflejarß cargos a un n·mero de tarificaci≤n especial 906 en base a Euros por minuto.%0D%0A%0D%0AEl producto y los contenidos son gratuitos, í t· s≤lo pagas la llamada telef≤nica !%0D%0AAhora simplemente CONECTATE Y DISFRUTA!!!%0D%0A%0D%0AGracias por usar nuestro Dialer.
Description=The connects to expensive toll numbers without users awareness.
[VacPro]
Product=VacPro
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program is a trojan that tracks the user's surfing habits. There are several variants that create a registry entry under the specific name and copy files to the System32 folder.
[WWPack32Dialer]
Product=WWPack32Dialer
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The dialer connects to expensive toll numbers without users awareness.
[Xgenius]
Company=
Product=Xgenius
Threat=Dialer
CompanyURL=
CompanyProductURL=http://www.yodialer.com/
CompanyPrivacyURL=
Functionality=
Privacy=%0D%0AIhr Vertrag kommt zustande mit:%0D%0ASbac LLC%0D%0A709 Woodside Ave.%0D%0AWilmington, DE, 19809, US%0D%0AEmail: support@yodialer.com%0D%0Ahttp://www.yodialer.com%0D%0A%0D%0A---------------------%0D%0A%0D%0AAnwahlnummer: 090090000521%0D%0A%0D%0A---------------------%0D%0A%0D%0ANummernbetreiber:%0D%0AAnygate GmbH%0D%0AGinsterweg 7%0D%0A40668 Meerbusch%0D%0AGermany%0D%0AE-Mail: info@anygate.de%0D%0A%0D%0A%0D%0A%0D%0A
Description=The Xgenius dialer connects to expensive toll numbers without users awareness.
[Allwebsearcher]
Product=Allwebsearcher
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AllWebSearcher redirects the IE start page to a dangerous website and always reconnects to this particular site.
[Copiloto]
Product=Copiloto
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Toolbar installs without user consent into the Internet Explorer and there is no way to uninstall it.
[IwantSearch]
Product=Iwantsearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Iwantsearch changes the IE start page to a dangerous website and redirects the user this site all the time.
[Media Access]
Product=Media Access
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker installs a toolbar in IE, creates popups with dubious contents and redirects the start page to a dubious search enginge.
[Process Guard Killer 2]
Company=Process Guard Killer 2
Product=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Excerpt from the info:%0D%0A"PG2 Killer coded by LichttraegerYMF / 29.9.2004/ additionally using SDTrestore by SIG^2 G-Tec for Physically Memory Attack..."
Description=This program disables known security tools (e.g. ZoneAlarm) thus making the computer more vulnerable and enabling an attack. It can also be used to start and terminate services and to directly access the TaskManager.
[SmileyWorld]
Product=SmileyWorld
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker installs an IE toolbar and redirects everything to a very dangerous website
[TargetSearch]
Product=targetsearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Targetsearch sets the start page to a dangerous website and and redirects several popular sites to this page (e.g. www.msn.de, www.microsoft.com, www.heise.de)
[TNS-Search]
Product=TNS-Search
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker creates a false security warning when opening IE asking the user to download the latest virus definitions. In consequence, it will install an IE toolbar, redirect the IE start page and creates a lot of icons on the desktop.
[Windowssearch]
Product=Windowssearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hijacks the startpage of the Internet Explorer
[Wow Access]
Product=Wow Access
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Wow Access changes the IE start page a dangerous website which cannot be undone.
[Macrosoft]
Product=Macrosoft
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Macrosoft installs itself into the window directory and runs on each system startup using a lot of resources without user consent and without any usefull effect.
[Phynix]
Product=Phynix
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Phynix installes itself on the computer and is running in the background using a lot of resources without user consent.
[QDown]
Product=QDown
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs itself on the computer and tries to spy on the users surf behaviour. When the computer is connected to the internet the program waits for new orders to harm the computer
[R-Bot]
Product=R-Bot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan copies itself to the System32 folder and removes its download file. Then it tries to connect to the internet and waits for new orders to harm the computer
[Rotue]
Product=Rotue
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Rotue installs itself on the computer and runs on each system startup using a lot of resources. When the computer is connected to the internet it waits for new orders to harm the computer
[PeopleOnPage]
Product=PeopleOnPage
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program downloads several malware products from the internet and creates autorun entries thus running on each system startup without the user taking note of it. In addition to this the program installs itself to "C:\Program Files\AutoUpdate\" and places several files in the system folder without user consent or knowledge.
[SpyFighter]
Product=SpyFighter
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SpyFighter pretends to be a valid antispyware software.
Privacy=
Description=SpyFighter gets advertised on malicous websites, which also advertise other bad antispyware products like Spysherrif and RazeSpyware. It has an insufficient privacy policy and detects parts of Spybot S&D as trojans.%0D%0AAlso SpyFighter connects to the internet when closing the application, this cannot not be prevented by the user.
overpriced fee.
[Admilli Service]
Company=
Product=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdmilliService starts in the background on each system startup and causes popups.
[BancBan]
Company=
Product=BancBan
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BancBan installs to the System32 folder and starts on each Windows startup gathering information about the web surfing habits of the user. Even worse, it also collects passwords for banking sites.
[Farmmext]
Product=Farmmext
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of spyware creates popups and collects information about the surfing habits of the user.
[Harvester 2003]
Product=Harvester 2003
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Excerpts from the product's description:%0D%0A%0D%0AThe CD Key Harvester searches victims registry for Online Game CD Keys - Serials and sends them as an email (php) to your eMail Adress.%0D%0A%0D%0ATo do so the program creates a server file one can mail to the victim.
Privacy=
Description=Tries to spy on the user
[ISpyNow]
Product=ISpyNow
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Keylogger ISpyNow runs in a hidden mode and records all keystrokes without the knowledge of the user. So it is possible to spy out passwords or other personal information.
[NiceSpy]
Product=NiceSpy
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NiceSpy is a software which gets installed to spy on other computer users. The program runs in the background of windows and records all keytrokes, visited websites and used files.
[Popupper]
Product=Popupper
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This programs installs itself to several places on the computer and is always running in the background collecting information about the user's surfing habits.
[ProAgent 1.21]
Product=ProAgent 1.21
Company=
Threat=Spyware
CompanyURL=http://www.prohack.net
CompanyProductURL=
CompanyPrivacyURL=http://www.atmacasoft.com
Functionality=Ein Programm um Passw÷rter von gΣngigen Programmen wie ICQ, Trillian, MSN Messenger auszuspionieren
Privacy=
Description=ProAgent 1.21 is a program designed to spy out passwords from common applications like ICQ, Trillian, MSN Messenger, etc..
[Serial Thief]
Product=Serial Thief
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A program to steal serials from online games.
[Smart-Hack Security Group]
Product=Smart-Hack Security Group
Company=
Threat=Spyware
CompanyURL=http://www.smart-hack.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware spies on Yahoo! passwords.
[Sumom.A]
Product=Sumom.A
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Sumom.A pretends to be a P2P application.
Privacy=
Description=This spyware collects information about the user's surfing habits and sends this data to a certain IP address every other minute.
[XP-Logon-Password Logger]
Product=XP-Logon-Password Logger
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program runs in the background of windows and records all keystrokes of the user without his consent.
[Adult Box]
Product=Adult Box
Company=ABox Ltd.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=AdultBox is a system tray icon offering porn links.
Privacy=
Description=There are two processes belonging to AdultBox that run at Windows startup: ABox.exe (the one with the icon) and logon.exe (downloads code). A downloader process may also be dropped in the Downloaded Program Files folder.
[Blind Downloader]
Product=Blind Downloader
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Downloader with Auto Run and Error Message, Fake JPEG Format.
Privacy=
Description=After starting the Blind Downloader creates the file "Server.exe" which copies itself to the System32 folder as mswinsock.exe. This file is loaded on Windows startup and tries to establish a connection to one particular which allows attacks on the computer.
[Blue Eye Bot 2.0]
Product=Blue Eye Bot 2.0
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Blue Eye Bot 2.0 is a trojan that copies itself to the Windows system folder and perpetually tries to download itself again.
[Brainbuster brainbot]
Company=SmartBrainSoftware
Product=Active Skin
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SmartBrainSoftware is a trojan that tries to spy out the users behavior.
[Crowt-A]
Product=Crowt-A
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs itself to several places. E.g. it creates an exe file in the template folder and a dll file in the system folder. The program is running in the background all the time waiting for instructions from the internet, thus compromising systemsecurity.
[DevNet-Software-Group]
Company=DevNet-Software-Group
Product=SMW 1.04.0025
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan downloads files from an ftp site and installs them without asking the user for permission. Afterwards it collects information about the user.
[Dialui-A]
Product=Dialui-A
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to connect via modem to an expensive website, while pretending to be harmless.
[DILoader32]
Product=DILoader32
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy out the user while pretending to be harmless.
[DKAndSuns Fake Security Toolbar]
Product=DK&Suns Fake Security Toolbar
Company=DK&Suns
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a security toolbar for the Internet Explorer
Privacy=
Description=This toolbar installs itself without user consent and tries to lure the user to websites of rogue Antispyware and Antivirus programs like SpyTrooper and PSGuard.
[Dloader-Agent.WN]
Product=Dloader-Agent.WN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs a client on the computer, connects to the internet waiting for someone to access the computer. It hides in the Windows folder and starts on system startup.
[Doly]
Product=Doly
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program hijacks the browserstartpage. In addition it tries to download code from this site and thus allow an attack on the computer.
[DynDNS-Updater]
Product=DynDNS-Updater
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The DynDNS updater hides in the System32 folder and tries to establish a connection to its website without user consent.
[E-Gold]
Product=E-Gold
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan tries to download files from its website in the background without user consent.
[EES-Gateway]
Product=EES-Gateway
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=German dialer, that does not clearly state the costs.
[Evil-VNC]
Company=
Product=evil-vnc
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user while pretending to be a VNC Software.
[FileFaker]
Product=FileFaker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy out the user, while pretending to be harmless.
[FTP Center 1.3]
Product=FTP Center 1.3
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojanbuilder, software that creates trojan horses. Also pretends to be FTP related software.
[Hackarmy]
Product=Hackarmy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program copies itself to the \Windows\System folder under the name "winXPupdate.exe" and is run on each system startup. It tries to connect to an IRC server waiting for commands which it will then execute on the infected computer.
[HackDefender]
Product=Hackdefender
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Backdoor.HackDefender is a backdoor Trojan component that hides processes, services, and files
[Herman Agent]
Product=Herman Agent
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan builder
[IEfeat-J]
Product=Iefeat-J
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Iefeat-J is an downloader for adware and installs itself in the
Registry, it downloads without user consent.
[IEfeat-K]
Company=
Product=Iefeat-K
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Iefeat-K attempts to download and execute adware from remote sites. The Trojan also creates a registry entry to ensure it is run at startup.
[InstaFink]
Product=InstaFink
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hides in the program folder and runs in the background.
[Klorin]
Product=Klorin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=A program to build up a trojan server.
Privacy=
Description=A tool to create trojan horses.
[Lineage-BA]
Product=LineAge-BA
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan LineAge-Ba installs itself into the system-directory of windows and gets started by every windows startup. It compromises systemsecurity and allows remote attacks on the computer.
[Morphine]
Product=Morphine
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user while pretending to be harmless.
[NetShadow]
Product=NetShadow
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan builder
[Password Devil]
Product=Password Devil
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy out the user, while pretending to be harmless.
[Payload]
Product=Payload
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy out the user while pretending to be harmless.
[Peper]
Product=Peper
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs itself into the System32 folder and downloads numerous files from a server. It is run on each system startup and periodically checks the connection to its home server.
[Pinloader]
Product=Pinloader
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy out passwords by installing a trojan
[Pipas.A]
Product=Pipas.A
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Pipas.A is a trojan. It copies itself to the system32 directory and starts on every system start automatically.It also tries to connect to the internet and makes an attack to the pc through the internet possible.
[Prorat-D]
Product=Prorat-D
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan settles in the System32 folder, is controlled by some registry entries and it tries to connect to the internet.
[PWS-Banker.C]
Product=PWS-Banker.C
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan spreads via a fake email from T-Com claiming that the customer will have to pay 400 EUR and that an itemized bill can be found as an attachment. As this attached file has a double file extension (.pdf.exe). At first sight the user will only see the PDF extension and might execute it. This will create a trojan in the Windows folder that will be launched on each system startup making the computer vulnerable to attacks from the internet.
[Rana]
Product=Rana
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Rana is a trojan that enables complete control over another computer via internet. It hides in the windows folder under the names ctfmon32.exe, logon.exe and starts through a file in the autorun folder named svchost.exe. These files must not be mixed up with original Windows files with the same/similar names.
[Silk Rope 2000]
Product=Silk Rope 2000
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program allows the user to create a trojan horse.
[Small-Add]
Product=Small-Add
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan copies itself to the System32 folder and creates an autorun entry under the name ("Vmtune") thus being launched on each system startup while pretending to be harmless.
[Small-PB]
Product=Small-PB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan tries to download the file system86.dll or system87.dll from the internet and hide it in the System32 folder. Furthermore it creates an autorun entry and sends files through the internet without user consent.
[SpyBlocs]
Product=SpyBlocs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SpyBlocs is supposed to be an antivirus software.
Privacy=
Description=The program pretends to be an antivirus program. When it is installed on the computer it finds a lot of malware (that do not really exist) and that only can be removed by buying a licence.
[StartPage-N]
Product=StartPage-N
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs itself the Windows System folder and connects to the internet which makes it possible to spy on the PC.
[ST Impactus]
Product=Winbasic32
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user while pretending to be harmless.
[Theef-B]
Product=Theef-B
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Mail:
Description=Theef-B is a trojan kit including server and client.
[Theta-Server]
Product=Theta-Server
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Theta-Server allows the user to build his own trojan.
[TS-Server]
Company=TS-Edit
Product=TS-Server, TS-Client
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan that uses a server an client to access remote computers without user consent.
[VIX-Tools]
Product=VIX-Tools
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VIX-Tools is a trojan kit, it enables users to distribute trojan horses.
[VMS-Server]
Product=VMS-Server
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user while pretending to be harmless.
[Webus.D]
Product=Webus.D
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan copies itself into the Windows System folder and is launched on each system startup while pretending to be harmless.
[Win32.Agent.AEW]
Product=Win32.Agent.AEW
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan spreads through emails, installs itself in the system32 directory and tries to spy on the user.
[WinBasic32]
Product=Winbasic32
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to connect to its webpage in background without user consent. Also pretends to be harmless.
[Windows AdTools]
Company=
Product=Windows AdTools
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user while pretending to be a legit windows tool. Installs a browser helper object (BHO), creates many registry entries and runs without user consent.
[Winser]
Product=Winser
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program installs itself to the Windows folder, is added to AutoRun and makes computer accessible through port 80 without user consent.
[Z-Demon]
Company=Z-Demon
Product=Z-dem0n.exe
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program connects to a client (trojan) on a remote computer making the computer completely remotely controllable. In addition to this the program can be used to access keyloggers on the "victim PC" and to open ports on it.
[Z-Quest]
Product=Z-Quest
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Starts with every windows startup and makes the system instable while pretending to be harmless.
[Connect MFC Application]
Product=Connect MFC Application
Company=Electronic Group Interactive
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legal porn dialer
Privacy=
Description=This is an illegal porn dialer.%0D%0AThe software and the dial number are German, the agreement is available in English only. This is illegal for german content dialers.%0D%0AIt may install an ActiveX component without asking the user.%0D%0A%0D%0AThe uninstaller does not remove the ActiveX component.
[EGDACCESS]
Product=EGDACCESS
Company=Electronic Group Interactive
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated; appears to be a direct access ActiveX dialer.
Privacy=illegaly not stated
Description=Dialer without any information given.%0D%0AThe company - which does not appear to be reachable - is known for misbehaviour concerning content dialer
[CoolWWWSearch]
Product=CoolWWWSearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware hijacks the IE start page and redirects to its own sites. This will then lead to a malicious web search page causing popup windows while using IE. The sites may also advertise trojans and/or install them directly without user consent.
[CoolWWWSearch.Aboutblank]
Product=CoolWWWSearch.AboutBlank
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware changes the IE start page to about:blank and redirects to a malicious search site. It also creates a popup about spyware removal and PC performance.%0D%0ASearch Bar, Search Page and SearchAssistant are set to the a local file, which redirects to different websites. Vital for removal of this is to remove the dbbd.dll.%0D%0AAlso, the IE web settings need to be restored.%0D%0A%0D%0AAffiliated with various rougue antimalware scanners, i.e. advertises for them.
[CoolWWWSearch.Aff.Winshow]
Product=CoolWWWSearch.Aff.Winshow
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated, according to the file name it is meant to be a pdf-manager library.
Privacy=
Description=The file pdfmgr.dll hooks up to the Internet Explorer and downloads and executes without user consent the submit.exe after the IE is startet.
[CoolWWWSearch.AllCyberSearch]
Product=CoolWWWSearch.AllCyberSearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a browser hijacker that redirects browser pages to the locally stored sp.dll and sets some browser pages to about:blank.%0D%0AIt adds WinsysRsr to System startup and adds an AutoRun entry for "Microsoft Update" with wuamgrd.exe.
[CoolWWWSearch.IEFeatInst]
Product=CoolWWWSearch.IEFeatInst
Company=CoolWWWSearch
Threat=Hijacker Download Client
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Internet Explorer Feature Installer
Privacy=
Description=This program downloads randomized files from the Internet and installs them on the local machine (e.g. ISTbar, GAIN, etc.). Furthermore it circumvents security settings in Internet Explorer by adding a couple of domains to the Trusted Zones (ZoneMap).
[CoolWWWSearch.XPlugin]
Product=CoolWWWSearch.XPlugin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This trojan appears to be a chm help file.
Privacy=
Description=The execution of the help file drops an exe file to the user's harddisk.%0D%0AWhen exectuted this file connects to the internet and downloads a dat file from searchtm.cc. Two more exe files and the xplugin.dll are placed to the sytem directory. The dll is registered and cannot be deleted unless the computer is rebooted.%0D%0A%0D%0AThe files appear to make changes to the IE settings referencing x-google.net and new-search.net.
[DeskwareSearchAddon]
Product=DeskwareSearchAddon
Company=Go Daddy Software Inc.
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Privacy Policy Statement%0D%0A%0D%0AWe have created this privacy policy in order to demonstrate our firm commitment to your privacy and our concern with protecting the privacy rights of all consumers on the Internet. Please read the following privacy policy to learn about our information gathering and dissemination practices for the site.%0D%0A%0D%0AThe site does not take responsibility for the actions of hackers or others that may violate our Privacy Statement. For your privacy, we ask that you do not share your password with any third party. %0D%0A%0D%0A............................................................................. %0D%0A%0D%0A%0D%0AWhat Does our Privacy Policy include? %0D%0A%0D%0AThis Privacy Statement is included to share our philosophies and practices and is a part of our ongoing effort to serve and inform the Internet community and our consumers. %0D%0A%0D%0AThe site contains links to other websites and is not responsible for the privacy practices of such web sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies only to information collected for advertising on this Web site.%0D%0A%0D%0AWhat Information Does We Collect From You?%0D%0A%0D%0AWe request information from advertisers on our signup form. Here an advertiser must provide contact information. If we have trouble processing any part of the service, this contact information is used to get in touch with the advertiser. This information is passed along to partner search engines for them to setup accounts for our clients.%0D%0A%0D%0AWe send all new advertisers a confirmation email to verify email addresses. Advertisers will occasionally receive information on special deals and updates. If an advertiser's personally identifiable information changes (such as your zip code), or if an advertiser no longer desires our service, we will endeavor to provide a way to correct, update or remove that advertiserÆs personal data provided to us.%0D%0A%0D%0AThis website takes every precaution to protect our advertiser's information. When an advertiser submits sensitive information via the website, your information is protected both online and off-line.%0D%0A%0D%0AYour Questions or Suggestions Regarding This privacy policy.%0D%0A%0D%0AIf you have any questions or concerns about this privacy policy, regarding the security or the practices of this website, please click here%0D%0A%0D%0A%0D%0ADo Any Third Parties Receive or Collect Your Information Through Us? %0D%0A%0D%0AWe will NEVER sell advertisers contact information to third parties so feel free and secure to advertise and search. %0D%0A%0D%0A
Description=This browser hijacker changes the start page to its website. There are also some desktop icons created pointing to IE with URLs. These URLs point to searchingall website which is related to other malicious browser hijackers.
[ISearchTech.SideFind]
Product=ISearchTech.SideFind
Company=Integrated Search Technologies
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Sidefind is part of IST malware. It installs a browser helper object which is being downloaded from the sidefinder website without any user consent.
[Iwantsearch]
Product=Iwantsearch
Company=ICommerce Solutions S.A.
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=IwantSearchPlugin,%0D%0AThere is no download link on the website, also no official statement, no privacy statement. One will only find the Terms of Use (with Terms of Use not being available on web--search.com).
Privacy=Terms of Use%0D%0A%0D%0APersons under 21 years old.%0D%0AIf you are younger than 21 years old, you are prohibited from downloading, registering, or using IwantSearchPlugin. By using the Service, you warrant to IwantSearchPlugin that you are at least the age of 21.%0D%0A%0D%0AConsent of Use.%0D%0AYou agree, it is your sole responsibility to inform all users of computer that you have caused the software to reside that you will obtain their consent to this agreement before allowing them to use the computer to connect to the internet.
Description=IWantSearch is Browser Helper Object from a software company known for its parasitive Software and ill behaviour.%0D%0AAt certain URLs the BHO will show popup ads.%0D%0AThe search sites by ICommerce Solutions are very suspicious, too.%0D%0ADifferent searchsites by ICommerce Solutions are almost identical, with just the exception, that one does not have a link to the "Terms".%0D%0AA popup on iwantsearch website is a direct lie. It says that Spyware has been found on the computer. This popup leads to another ICommerce Solutions Website.%0D%0A%0D%0A
[Look2Me.BM2]
Product=Look2Me.BM2
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Not stated, judging by file name it seems to be some sort of updater.
Privacy=
Description=This browser hijacker redirects harmless websites to malicious ones with similar names.
[NavFailure]
Product=NavFailure
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=installs eloc.dll in systemdirectory and registeres it as BHO%0D%0Achanges IE pages to about:NavigationFailure, about:blank and www.google.de
[Network Essentials.Search-Exe]
Product=Network Essentials.Search-Exe
Company=not stated
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Browser "Enhancement" : redirection of internet browser to Search-Exe website for search-button.%0D%0Aadds additional links to favorites or bookmarks.%0D%0Aprovides links and ads based on the information of the visited websites.%0D%0Aredirection of certain urls , including 404-error page to Search-Exe website.
Privacy="You acknowledge that by accepting the terms and conditions documented herein you are also accepting the Privacy Policy, which is incorporated herein by this reference.[...] In the event of a merger, acquisition, asset or stock sale, bankruptcy, or other asset transfer (regardless of legal formality), any of our assets may be transfered to An assignee, including personal informatioin collected from visitors tou our Web site. Licensed Software incorporated into this product collects personal information. To learn more about how this information is collected and used please read our Privacy Policy Statement. Our Privacy Policy Statement can be accessed via the World" <End of text!>
Description=executeable and dll register various Registrykeys similar to other "Network Essentials" products.%0D%0Afor the time being the executeable does nothing else, the described "function" could not be confirmed yet.%0D%0A%0D%0Aexecuteable runs without anything shown onscreen and shut itself down.%0D%0Athe legal notice is not shown%0D%0Athere are no references to company name or website.%0D%0A%0D%0Asimilar product: Network Essentials.WindowEnhancer%0D%0A%0D%0Ahijacks brower search pages
[ClimaxBucks.InternetOptimizer]
Product=ClimaxBucks.InternetOptimizer
Company=Avenue Media
Threat=Malware
CompanyURL=http://avenuemedia.com/
CompanyProductURL=http://www.climaxbucks.com/
CompanyPrivacyURL=
Functionality=not stated, according to name it is supposed to accelerate the internet access
Privacy=no statement on "Internet Optimizer"
Description=Optimize.exe copies itself to c:\internet optimizer and/or the corresponding bootdrive. It also adds itself to system startup and runs in background with one visible process in taskmanager and one invisible process.%0D%0AThe file restarts itself if it is disabled. It may prevent other software from working properly. The uninstall routine does not work.
[EnConfidence]
Product=EnConfidence - My Daily Horoscope
Company=EnConfidence
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=EnConfidence shows daily horoscopes and advertising. It collects user information for statistics.
Privacy=Introduction%0D%0A%0D%0A"The Enconfidence Ad Software does not collect or maintain any personally identifying information about you [..] .The software does track the Web sites you visit through your computer as a means to assess your interests. Generally, such information is anonymously aggregated with the information of other users to determine interests and trends. It is possible, however, that we could use the information regarding specific sites that you visit to send you Enconfidence Ads that might be of particular interest to you. However, even in such circumstances, the Enconfidence Ad Software will not associate such information with other information that would enable us to identify you, as we do not obtain or maintain any personally identifying information.%0D%0A%0D%0AInformation Collected by Enconfidence and How It's Used%0D%0A%0D%0AWe intentionally do not seek information that would enable us to learn your identity, nor do we obtain or maintain personally identifiable information about you such as email addresses, last name, street addresses, or phone numbers or any other sensitive or personal financial information, such as credit card numbers, login IDs, passwords or bank account numbers. Warning: Enconfidence will never ask you for any such personally identifiable information. %0D%0A%0D%0AThe Enconfidence Software does, however, transmit limited non-personally identifiable information (the "Collected Information"), such as your computer's IP address, type of browser and operating system, unique software ID, version of the Enconfidence Software, internal software status indicators (including error codes to determine if the Enconfidence Software has encountered any internal errors), a tag that identifies any Enconfidence distribution partner from whom you may have downloaded or installed the Enconfidence Software, Web sites that you may visit, whether you have interacted with any Enconfidence Ads or registered for any products or services advertised by an Enconfidence Ad (although we will not obtain or maintain any of the registration information), your astrological sign and your time zone. We collect information regarding your Web surfing habits so that we can target advertisements and promotions that may be of the most interest to you. We will aggregate such information with the information of other consumers so that we can identify trends within our user base. We may share such information with our Advertisers to give them a sense of the interests of our users, such as informing a client that we have 10,000 users who visit Internet travel sites.%0D%0A%0D%0ACollected Information also includes keyword and error search queries entered in your browser. Please note that search query information collected by the Enconfidence Software is generally maintained by us on an aggregated basis (i.e., together with the queries of all of our end-users) for the purposes of generating statistics regarding the use of the Enconfidence Software (such as the number of queries performed by the average end-user per month, a list of the most popular query terms, etc.), and is never used in a manner that associates specific search query information with other information that would enable us to identify you, as we do not obtain or maintain any personally identifying information. We may transmit search terms or phrases to certain third parties with whom we may have subcontracted to obtain Internet search results or other services in response to such search queries. We may also use search query information to send you Enconfidence Ads that might be of particular interest to you based on the search query information.%0D%0A%0D%0AIn the event that Enconfidence merges with another company, transfers or sells substantially all of its assets or capital stock to a third party, all Collected Information would be included in the merger, transfer or sale and that company would be bound by these Terms and Conditions just as we are bound today.%0D%0A%0D%0AIf legally required to do so, we will disclose to a third party any information we have.
Description=The web installer appears to be OK, but manual installers - which are packed with other malware - install silently without the users' consent.
[Freshbind]
Product=Freshbind2.01
Company=EvilEyeSoftware
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Freshbind 2.0 is a file binder which you can use to combine two or more files into one executable. Bound files are encrypted so should be unrecognised by any external application while bound (they will return to their original state upon extraction). Files can be of any type, where possible they will be run/opened with their default application. Each bound file can be extracted to the Windows, System, Temp or current directory. In this version there are 3 execution options (visible, hidden or none) and 2 registry startup options. Most executable files will run hidden when instructed to do so, however this is sometimes not the case for other files (test on yourself if you are unsure).
Privacy=not stated
Description=This piece of malware does what it is supposed to do and does not make any connection to internet. However, the authors are known to produce malware, trojans and tools for misuse. This software is clearly meant to be used against other users.
[HG ICQ Notify]
Product=HG ICQ Notify
Company=Vito
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=not stated
Description=The HG-ICQNotifier.exe creates a Server.exe, with 3 variable parameters, victim name, ICQ# and trojan name%0D%0Awhile the HG-ICQNotifier.exe does not connect to the internet, the Server.exe does so using the 3 parameters to connect via ICQ.
[Interlaced]
Product=Interlaced I+II
Company=e-freak
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Interlaced I:%0D%0AThis a file binder; it can combine 2 files, which will then be packed into one executable. once executed both files will be executed and stored in the Windows folder under file names like TEMP$ab.suffix or TEMP#cd.suffix, with abcd being numbers from 0 to 9%0D%0A%0D%0AInterlaced II:%0D%0AThis is also a file binder; it can combine multiple files , e.g. executables, media and other files into one executable. Once the new file is executed all files in it are executed in the way defined during binding.%0D%0AIcons can also be changed.
Privacy=No privacy statement, but the author suggests usage for binding multiple trojans into one file.
Description=Interlaced I does what it is supposed to do, see above.%0D%0AInterlaced II does what it is supposed to do, files that are to be bound can also be set to executed hidden.%0D%0AInterlaced II does not do harm to the user itself, but it was obviously created to do harm to other users' computers.%0D%0A%0D%0AThese tools are intended to be used as Trojan makers.
[ISearchTech.ISTrecover]
Product=ISearchTech.ISTrecover
Company=ISearchTechnologies
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IST_recover is able to download and install ISTsvc; if ISTsvc is disabled in AutoRun, IST_recover will create a new AutoRun entry for ISTsvc.%0D%0A%0D%0AIf ISTsvc is not installed or has been removed, IST_recover will download and install ISTsvc. This Malware operates without user consent.
[ISearchTech.ISTsvc_Updater]
Product=ISearchTech.ISTsvc_Updater
Company=ISearchTechnologies
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality="IST has developed a product aimed at both the surfer and the webmaster in the form of an addictive Internet Explorer toolbar. Designed by the webmaster, it brands the webmaster's website and creates surfers loyalty too.%0D%0A%0D%0AThe toolbar can be built and distributed through a highly effective affiliate program aimed at the webmaster or anyone that is willing to cash-in their traffic by distributing IST products."
Privacy=
Description=ISTsvc_updater connects to the internet and installs ISTsvc.%0D%0AIt does not state required information.%0D%0AISearchTechnologies tends to use several exploits to install its software without user consent.
[ISearchTech.Javainstaller]
Product=ISearchTech.Javainstaller
Company=Integrated Search Technologies
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=If you are visiting the IST website and search the internet from the website, we collect the following information: your Internet Protocol ("IP") address, which may include a domain name; the name of and information about any advertisement that brought you to the IST website; searches you perform, links you click on; and computer and connection information such as browser type and version, operating system, and platform. We also transmit cookies to your computer so we can know your browser's language, the version of our site you viewed and the country you are from.
Description=After execution of the applet in IE, it directly connects to the internet, connecting to%0D%0Aactivex.microsoft.com trying to get the file ocget.dll in directory /objects/.%0D%0AIt then connects to codecs.microsoft.com and tries to get ocget.dll in directory /isapi/%0D%0ABoth are not available.%0D%0AThis still means, that the applet tries to install activeX components without user consent.%0D%0AThe applet does not show anything in the browser.%0D%0A%0D%0AThis applet tries to download istdownload.exe and install it without user consent.%0D%0A%0D%0A%0D%0AThe applet does not run with the current JavaVM 1.5 or newer.
[Look2Me.Topconverting]
Product=Topconverting
Company=Crazywinnings Inc
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Topconverting hijacks the hostsfile, and thus redirecting websites.%0D%0AIt downloads and installs other malware/spyware and trojans without user consent.%0D%0A It hooks up to the IE and Explorer and opens the IE regularly with malicious websites.
[Nuclear Hitman]
Product=Nuclear Hitman
Company=not available
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=program enables user to use multiple proxies to "hit" a target url repeatedly
Privacy=not stated
Description=programs function describes a DOS-attack
[Rbot-VN]
Product=Rbot-VN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=not stated
Description=Rbot-VN enables remote access to the infected computer. It can be remotely controlled to delete data, steal data, send emails and download files.
[Remote Removal Tool]
Product=Remote Removal Tool
Company=nuclearwinter
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Introduction%0D%0A%0D%0ARemote Removal Tool v0.1 was designed to give a kind of protection to your PC or to other PCs remotely so it's able to run as a Console or hidden. It uses an encrypted removal list (created by you) to remove any file and delete its startup keys and end the process, This detection can be done by defining the process name or the file size. It's also able to check the registry startup keys directly for a specific file name to check if that name is starting up with windows. This is usually used for programs that inject .dlls and exit the process. It's also used in the same way to detect servers with specified file sizes. For example if a file is 2323 bytes, its starting up means it has a key in startup locations in the registry. Remote Removal Tool will detect the server and remove it. This is an editable Removal tool, so it can be used to remove worms, trojans etc. The kill list can be updated from time to time, because Remote Removal Tool will check for an updated list after a number of startups set by you. Remote Removal Tool will also scan the processes for packed files, and it will warn you about those packed files running in the processes.
Privacy=Remote Removal Tool v0.1 is provided for educational pruposes only. I and NWC take no responsibility for any illegal use of this Software.%0D%0A%0D%0ANote To The Sexy Anti Virus Companies : This is not a malware so fuck off a little kthx
Description=Remote Romoval tool does not appear to be able to do remote access, the documentation is too poor to make much sense about remote removal of worms or trojans.%0D%0AIn case the software does work properly, it would be too easy to target proper programs and services, and such a software which is made for "educational" purposes is actually very clearly made as malware.%0D%0AAuthor and website are affiliated with other malware sites such as e-freak.
[SARS]
Product=SARS
Company=Nuclear Winter Crew, Prince Ali
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This application enables the attacker to get notifications from infected computers; the attacker can configure the Notifier in many ways.
Privacy=
Description=SARS appears to do what it is supposed to do: invade peoples privacy
[SpywareStormer]
Product=SpywareStormer
Company=Spyware Stormer, Inc
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SpywareStormer is supposed to detect and remove malicious spyware.
Privacy=Use of Personal Data Collected%0D%0APersonal data collected by Spyware Stormer, Inc. may be used by Spyware Stormer, Inc. for many reasons, for example, for editorial and feedback purposes, for marketing and promotional purposes, for a statistical analysis of users' behavior, for product development, for content improvement, or to customize the content and layout of Spyware Stormer, Inc.'s service. Aggregate data on visitors' home servers may be used for internal purposes but will not be provided to third parties such as marketing firms. Individually identifying information, such as names, postal and email addresses, phone numbers, and other personal information which visitors voluntarily provide to Spyware Stormer, Inc. may be added to Spyware Stormer, Inc.'s databases and used for future calls and mailings regarding service updates, new products and services, and upcoming events. %0D%0A%0D%0ASpyware Stormer, Inc.'s Right to Contact Users%0D%0ASpyware Stormer, Inc. reserves the right to contact service visitors regarding sales and other informational requests made through its web service.
Description=Spywarestormer gets advertised by known malicious software from Lop.com.%0D%0AThe installation occurs if the user clicks on "scan" on the spywarestormer website.%0D%0AScanning: Spywarestormer appears to scan properly but does not remove found items prior to registration and payment.%0D%0AThe scan results are totally exaggerated: tracking cookies are rated "High Risk" and Alexa is rated "Extreme Risk".
[Universal Notifier]
Product=Universal Notifier
Company=r3L4x
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Qoute:%0D%0AUniversal Notifier v1.0 by r3L4x%0D%0A%0D%0AUse this to add external notification %0D%0Ato any program - just fill out the boxes%0D%0Awith the correct information you want to %0D%0Arecieve and the URL to a compliant script.%0D%0A%0D%0AThe thing that makes UN different, is the %0D%0Ause of local variables. Using this you can%0D%0Aretrieve alot of different info about the %0D%0Amachine the server was executed on. %0D%0A%0D%0AWith a little tweaking, UN can work with%0D%0AANY php/cgi script used for notification.%0D%0AAll you need to do is change some of the %0D%0Avariables around - and viola, you have%0D%0Aa better notifier than what is built into%0D%0Awhat ever trojan you were using.%0D%0A%0D%0ABut right now, it is customized to work %0D%0Aflawlessly with the Parasite notification%0D%0Asystem, by Leeach.%0D%0A%0D%0AFeatures:%0D%0A 5.5kb packed - C++%0D%0A FWB - Dll injection into explorer%0D%0A Melt Server%0D%0A Works on NT based systems and 9x%0D%0A Startup%0D%0A%0D%0AThis software is FREE and OPEN SOURCE!%0D%0AVisit r3L4x.com for the C++ & Vb source.%0D%0A%0D%0ARemoval:%0D%0AUnder NT:%0D%0AKill Explorer.exe%0D%0ARemove win32_shell.dll & win_sh_handler.exe from %windir%0D%0A9x:%0D%0ARemove win32_shell.dll & win_sh_handler.exe from %windir%0D%0AAll:%0D%0ARemove win_sh_handler key from HKLM\Run%0D%0A%0D%0ADont depend on crapy built in notifiers on%0D%0Atrojans any longer!
Privacy=
Description=Product enables spying on other users, addon to parasite logger.
[Zlob.MN]
Product=Zlob.MN
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=this malware appears to be smart enough to detect VM enviroments, thus acting differently depending on computer configuration.%0D%0Ait accesses a lot of systemfiles and deletes itself if the enviroment is not "satisfactory". otherwise it will download additional code from the internet without user consent.
Functionality=supposed "ClipGenie Direct %0D%0Athe internet application that brings rich media content to you, %0D%0Adirectly to your hard drive. Now you can get all the best %0D%0Amovies, games and programs downloaded directly to your computer %0D%0A... while you sleep! And the best part is ... it's absolutely, %0D%0Atotally FREE!%0D%0A%0D%0AOnce you've subscribed to your favorite channels, just %0D%0Aclick on the ClipGenie Direct icon on your desktop and there %0D%0Ait is: all the media content you can handle, delivered to %0D%0Ayour computer on a regular basis. Just like a magazine subscription. %0D%0AAny time new content is available, ClipGenie Direct will %0D%0Adownload it automatically as soon as you connect to %0D%0Athe internet."%0D%0A%0D%0AAnd the best part is, it's right there on your hard drive. That %0D%0Ameans you get the cleanest, clearest, fastest-playing clips %0D%0Apossible. No more waiting for movies to download. No more %0D%0Abuffering. No more choppy videos with lousy sound. Just a %0D%0Aconstant supply of the best movies and games that the %0D%0Ainternet has to offer.%0D%0A
Privacy=WHY IS INFORMATION COLLECTED? %0D%0AAnonymous demographic information is collected for the purposes of delivering marketing messages that better match your interests and demographic profile. %0D%0AIf you visit our Web site http://www.ClipGenie.com, we collect and store only the following nonpersonally-identifying information from you: the name of the domain name from which you access the Internet (e.g., aol.com, if you are connecting from an America OnlineTM account); the date and time you access our site; and the Internet address of the Web site from which you linked directly to our site. We use this information to measure the number of visitors to the different sections of our Web site and to help us make our site more useful to visitors. %0D%0APersonally identifying information we collect and store about you is the information you choose to provide to us when you subscribe to ClipGenie.com or purchase items at ClipGenie.com. ClipGenie registration process may require you to give us contact information (like your name and email address), unique identifiers (like your social security number), financial information (like your account or credit card numbers), and demographic information (like your zip code, age, or income level). We use customer contact information from the registration form to send you information about our company, promotional material from some of our partners, and third parties. %0D%0A%0D%0AWHEN AND HOW IS INFORMATION COLLECTED?%0D%0AUpon installation of ClipGenie Direct, your computer is assigned a unique numerical identifier. This unique identifier allows ClipGenie' servers to measure and report aggregate information (such as the number of people who read an advertisement, or the number of times an advertisement is seen) to advertisers. It also allows ClipGenie to collect information regarding your use of and interaction with advertising so that we can deliver advertising content that is more relevant to your own particular wants and needs, and avoid subjecting you to overly repetitive ads. %0D%0ACookies û ClipGenie may also use "cookie" technology to monitor user activity on the ClipGenie Web site. A "cookie" is a small amount of data that is created by a Web server and stored on your local hard drive upon your first visit to a Web site. Cookies identify you to, and can only be accessed by, the Web server that assigned the cookie. Cookies streamline and personalize your Web browsing experience by storing passwords, purchases, and personal preferences like Web page layouts, Web content, stock symbols, etc., so that you do not have to reenter this information every time you visit a particular Web page. %0D%0ATechnology from ClipGenie Direct resides on your local system and operates when active in the background, dynamically collecting and transmitting volunteered anonymous demographic information and volunteered personally identifying information about you. The demographic information collected and transmitted may also include information about your operating system, Internet Protocol Address, and Internet service provider (ISP). %0D%0A%0D%0AWHAT INFORMATION IS COLLECTED?%0D%0AAnonymous demographic information collected by ClipGenie may include, but is not limited to, your: (a) gender; (b) age; (c) zip code; (d) operating system; (e) Internet protocol address. Such demographic information may be collected whenever you provide it to ClipGenie, or to other third parties while interacting with the application. Information such as (a) what advertising messages you have seen in ClipGenie; (b) what advertising messages you have clicked on inside ClipGenie; (c) how many advertisements you have viewed inside ClipGenie may be collected at any time, even if ClipGenie is not active. %0D%0A%0D%0AWHAT PERSONALLY INDENTIFYING INFORMATION IS COLLECTED?%0D%0APersonally identifying information collected by ClipGenie may include, but is not limited to, your: (a) first and last name; (b) home or other physical address including street name and number, and name of city or town; (c) email address, and; (d) telephone number (e) credit card or other financial information. Such personally identifying information is collected only when you VOLUNTARILY provide it to ClipGenie.%0D%0A%0D%0AHOW IS INFORMATION USED?%0D%0AThe demographic and personally identifying information collected by ClipGenie may be maintained separately and/or combined to create user profiles. The demographic and personally identifying information, and/or the user profiles may also be supplemented by information derived from third-party information vendors. The demographic and personally identifying information collected by ClipGenie, and/or the user profiles, may be used by ClipGenie, its licensees, licensors, agents, and assigns, and/or its client software companies and developers, as well as shared, rented, leased, sold, or otherwise made available to third-party marketing entities, advertisers, and other parties and entities, at the sole discretion of ClipGenie. Some of ClipGenie 's clients may use the demographic and personally identifying information to personalize Web pages and target ads, products and services to consumers. %0D%0A%0D%0ACONTACTING THE COMPANY%0D%0APlease address any questions or comments regarding the ClipGenie privacy practices to:%0D%0ANew Harmony Enterprises Limited%0D%0A2001 Central Plaza, 18 Harbour Road%0D%0AWanchai, Hong Kong HK%0D%0Acontact@ClipGenie.com%0D%0A%0D%0A%0D%0A
Description=The execution of the file dwcg2.exe will show the license agreement, add an AutoRun entry and, at process kill, connect to internet without user consent. It installs on "download" --> download means download and not install%0D%0A- automatically runs in background%0D%0A- adds to AutoRun without user consent%0D%0A- does not show anything on screen when running.
[DuplicateFileKiller]
Product=DuplicateFileKiller
Company=Ace Zip Soft
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to find duplicate files on users computer
Privacy=%0D%0AISearchTech License%0D%0APERSONS 17 YEARS OLD AND UNDER. If you are younger than 18 years old, you are prohibited from downloading, registering, or using the Service.
Description=affiliated with ISearchTechnologies, connects to ISearchTech Servers after installatation%0D%0Adoes not restrict users under age of 18 although this is stated in EULA, can also install various other malware, hijackers and spyware affiliated with ISearchTech (ISTBar, Slotchbar and so on) %0D%0AInforation text also speaks about other affiliates: BullsEye , ShopAtHomeSelect ,Internet Optimizer , 180search Assistant%0D%0A%0D%0AInstallationfiles for ISTBar and Slotchbar are placed on the users computer
[ICommerce Solutions.DSManager]
Product=ICommerce Solutions.DSManager
Company=ICommerce Solutions S.A.
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This piece of spyware appears to be a Browser Helper Object with no stated functions
Privacy=
Description=The website , does not have a valid link to privacy nor does the web search work anymore.%0D%0AIt belongs to the foul company ICommerce Solutions S.A..%0D%0A%0D%0AIt appears to have redirected search keywords from google and yahoo to its malicious search site.
[KaosKaiser.PSPVKS_II]
Product=KaosKaiser.PSPVKS_II
Company=Kaos
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Kaos is a protected password stealer.
Privacy=not stated
Description=The passwordstealer checks IE and Outlook for saved accounts and passwords, it can also determine the used email servers.%0D%0AIt then creates a file containing information about all the accounts and passwords and the exe file will be deleted.
[NicTechNetworks.Zestyfind]
Product=NicTechNetworks.Zestyfind
Company=NicTechNetworks
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Creates links to bad websites on desktop and causes popups when closing the Internet Explorer.
[SplashSpot]
Product=SplashSpot
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This software promises prizes by playing games, registration is required.
Privacy=Information Gathered From Members%0D%0AIf you elect to be a Member on SplashSpot.com, you will be required to provide us with certain personal information, including your name, e-mail address, credit card number, expiration date, and billing address (this required information is subject to change from time to time). There will also be opportunities for you to provide us with additional information regarding your preferences and interests. This information, however, is not required and is completely optional on your part. %0D%0A%0D%0AAdditional data may be collected from Members based upon certain services they elect to utilize on our web site. For example, we may track the categories of greetings you send in order to make appropriate recommendations for products or services available on our site or those of our Business Partners. Members may register for specific SplashSpot.com Newsletters, which are e-mail alerts to track important dates and occasions they specify. By obtaining this information, we can provide our Members with specific content and advertising in which they might be interested. None of this information is required to use our service or to become a Member; however, the omission of certain types of data will limit the value of your membership. %0D%0A%0D%0AIf you become a Member of SplashSpot.com, we may share your registration information with our partner sites. We may also disclose your offline address to postal advertisers and catalogue marketers. %0D%0A%0D%0ASplashSpot.com's Uses of Personal Information%0D%0AIf you have provided us your consent, we will use the information we have collected about you in five ways: %0D%0A%0D%0ATo send personalized, targeted information that we think our users will find relevant, either from SplashSpot.com or directly from its Business Partners; %0D%0ATo include targeted advertising within such messages; %0D%0ATo send promotions and coupons based on the user's interests; %0D%0ATo contact the user for feedback and surveys; and %0D%0ATo send the user other information about SplashSpot.com. %0D%0AOn-Site Advertising%0D%0ASplashSpot.com may also use information about you to target advertising while you are visiting our site. We may also use geographic or other information we have collected from you to make sure that the ads you see are for goods and services that are actually of interest to you or are available in your area. We may use cookie files to assure that you will not be served the same ads repeatedly. %0D%0A%0D%0AInformation Sharing Between Affiliates%0D%0ASplashSpot.com is part of the Razor Media, LLC. SplashSpot.com reserves the right to share your personally identifiable information with its marketing partners, including your e-mail, postal address, phone number, and purchase history. We may use that information to conduct joint promotions, offer you special premiums, and to share databases and equipment. We also reserve the right to share your personal information with other companies that Razor Media, LLC may subsequently acquire. We will only share your credit card information among our affiliates if you expressly give us permission to do so. %0D%0A%0D%0A
Description=Having registered the ss.dll, a connection to mmviewer website is established.Ss.exe and splashspotgames.exe do not appear on screen after execution, they get copied to the System folder and continue to run in background without user consent.
[Wind Updates]
Product=Wind Updates
Company=CDT Inc.
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated
Privacy=License:%0D%0A%0D%0ABY DOWNLOADING OR INSTALLING, REGISTERING FOR, OR USING THE SOFTWARE APPLICATION SERVICE AND/OR SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, DO NOT INSTALL OR USE THE SOFTWARE APPLICATION SERVICES AND/OR SOFTWARE. %0D%0A%0D%0A"Windows ControlAd" is a permission-based contextual ad delivery application that provides access to a wide range of content, websites, applications and information offered by CDT, Inc. ("CDT") and its affiliates. Windows ControlAd will not collect information about the websites you visit and will not collect any information that will be used by CDT to identify you personally. The information that Windows ControlAd collects and transmits to CDT will be used to provide you with access to a wide range of content, websites, applications and information offered by CDT and its affiliates. Windows ControlAd can be uninstalled at any time by going to the "Add/Remove Programs" menu on your computer and clicking the "Remove" button next to the entry or entries for Windows ControlAd.%0D%0A%0D%0AFurthermore, to give surfers a rich Internet experience, CDT has partnered with various companies. Depending on your demographics and other circumstances, by installing Windows ControlAd you may also install the following applications and accept the terms and conditions of their End User License Agreements and Privacy Policies: %0D%0A- 180search Assistant: a permission-based search assistant application that provides access to a wide range of websites, applications and information. 180search Assistant will periodically direct you to our sponsors' websites, allowing you to compare products, services, and prices between websites. 180search Assistant will collect information about the websites you visit, but will not collect any information that will be used to identify you personally. The information that 180search Assistant collects and transmits will be used to provide you with access to comparative shopping opportunities at times when we consider them most relevant. 180search Assistant can be uninstalled at any time by going to the ôAdd/Remove Programsö menu on your computer and clicking the ôRemoveö button next to the entry for Uninstall 180search Assistant. To learn more about the 180search Assistant, please visit the 180search Assistant website at www.180searchassistant.com. With EULA located at: http://www.180searchassistant.com/eula.aspx%0D%0A- Internet Optimizer: a search companion that helps you find what you are looking for when you reach an error page (also known as 404). EULA located at: http://www.internet-optimizer.com/legal/EULA/ %0D%0A- Top Rebates: a shopping companion that helps you find better deals when you are doing online purchases. EULA located at: http://www.toprebates.com/cgi/shop.plx?pid=1150&page=eula %0D%0A- Target Saver: shows offers and services as you surf the web only when they are most relevant to you. EULA located at: http://www.targetsaver.com/eula.html %0D%0A%0D%0AAccess is made available only to those who accept the terms of the following agreement:%0D%0A%0D%0ABy accepting this agreement, I certify the following:%0D%0A- I am an adult, being at least 18 years of age. %0D%0A- I am the owner of this computer, or am authorized by the owner of this computer to install software on this system.%0D%0A- I understand that by accepting these terms and conditions, software will be installed on my computer.%0D%0A- To ensure you always have the latest version and for your convenience this software will automatically update itself from time to time once installed.%0D%0A- I understand the standards and laws of the community, site and computer to which I am transporting this material, and am solely responsible for my actions. %0D%0A- If I use these services in violation of the above agreement, I understand I may be in violation of local and/or federal laws and am solely responsible for my actions.%0D%0A- By accepting these terms and conditions, I will have released and discharged the providers, owners and creators of this software/site from any and all liability which might arise. By installing the software you agree to the terms of the preceding agreement. %0D%0A%0D%0A1. LICENSE GRANT. "You" means the person or company who is being licensed to use the software and/or service. "We", "us" means CDT Inc, "Software" means software owned by CDT Inc. and selected third party software, including any upgrades, modified versions, updates, additions and copies of the software. %0D%0A%0D%0AWe hereby grant you a nonexclusive, non-transferable, limited license to use one copy of the Software on the computer which this license agreement was accepted on subject to terms and conditions set forth below. The Software is "in use" on a computer when it is loaded into temporary memory (RAM) or installed into the permanent memory of a computer--for example, a hard disk, CD-ROM or other storage device.%0D%0A%0D%0A2. TITLE. This license is not a sale. We remain the owner of all right, title and interest in the Software. %0D%0A%0D%0A3. ARCHIVAL OR BACKUP COPIES. You may not keep back up copies of this software. %0D%0A%0D%0A4. THINGS YOU MAY NOT DO. United States copyright laws and international treaties protect the Software. You must treat the Software like any other copyrighted material--for example a book. You may not: %0D%0A%0D%0A-- copy the Software in any form, %0D%0A%0D%0A-- modify or adapt the Software or merge it into another program,%0D%0A%0D%0A-- reverse engineer, disassemble, decompile or make any attempt to discover the source code of this Software,%0D%0A%0D%0A-- place the Software onto a server so that it is accessible via a public network such as the Internet, or %0D%0A%0D%0A-- sublicense, rent, lease or lend any portion of the Software or Documentation. %0D%0A%0D%0A5. LIMITED WARRANTY. Use of CDT software and/or service is at your own risk. CDT provides the software on an "as is", "where is" basis with out warranty of any kind, either express, implied or statutory. %0D%0A%0D%0ATo the extent permitted by applicable law, THE FOREGOING LIMITED WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, AND WE DISCLAIM ANY AND ALL IMPLIED WARRANTIES OR CONDITIONS, INCLUDING ANY IMPLIED WARRANTY OF TITLE, NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, regardless of whether we know or had reason to know of your particular needs. IN NO EVENT SHALL CDT BE LIABLE TO ANYONE FOR ANY UNAVAILABILITY, DELAYS, INACCURACIES, ERRORS OR OMISSIONS WITH RESPECT TO ANY INFORMATION USED RECEIVED OR TRANSMITTED BY THE SOFTWARE AND/OR SERVICE, OR FOR ANY DAMAGE ARISING THEREFROM OR OCCASIONED THEREBY, OR FOR THE RESULTS OBTAINED FROM THE USE OF SUCH INFORMATION, INCLUDING WITHOUT LIMITATION ANY RISK OF THE INTRODUCTION OF COMPUTER VIRUSES, INVASION OF PRIVACY AND ANY RISK ARISING OUT OF ANY CONTENT TRANSMITTED OR RECEIVED IN CONNECTION WITH THE USE OF THE SOFTWARE OR THE SERVICE. YOU ASSUME THE ENTIRE RISK FOR THE ACCURACY, ADEQUACY, COMPLETENESS, CORRECTNESS, VALIDITY AND QUALITY OF ANY INFORMATION. %0D%0ANo employee, agent, dealer or distributor of ours is authorized to modify this limited warranty, or to make any additional warranties. %0D%0A%0D%0ASOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE TO STATE. %0D%0A%0D%0A6. LIMITED REMEDY. CDT`S LIABILITY TO YOU OR ANY THIRD PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE WILL NOT EXCEED $1 (ONE DOLLAR) OR THE FEE, IF ANY, PAID BY LICENSEE FOR THE SOFTWARE, WHICHEVER IS GREATER. %0D%0A%0D%0A7. DAMAGE LIMITATIONS. IN NO EVENT WILL WE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY INDIRECT, SEPCIAL, INCIDETNAL, OR CONSEQUENTIAL DAMAGES, INCLUDING ANY LOST PROFITS, LOST SAVINGS, OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING FROM THE USE OR THE INABILITY TO USE THE SOFTWARE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF THESE DAMAGES. YOU EXPRESSLY RELEASE INDEMNIFY CDT, IT'S EMPLOYEES, AGENTS, DISTRIBUTORS, SUPPLIERS, PARTNERS, ADVERTISERS, BOARD OF DIRECTORS FROM ANY AND ALL CLAIMS, DEMANDS OR CAUSES OF ACTION BOTH KNOWN AND UNKNOWN ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE SOFTWARE AND/OR BLAZEFIND.COM THE RIGHTS GRANTED HEREIN ARE PERPETUAL AND WORLDWIDE. SOME STATES DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION MAY NOT APPLY TO YOU. IF OUR LIMITED WARRANTY AND/OR LIMITED REMEDY SHALL BE HELD INEFFECTIVE OR TO HAVE FAILED THEIR ESSENTIAL PURPOSES, OUR TOTAL LIABILITY FOR DAMAGES, WHETHER IN CONTRACT, TORT OR OTHERWISE, SHALL NOT EXCEED THE LICENSE FEES PAID BY YOU FOR THE SOFTWARE LICENSED HEREUNDER. %0D%0A%0D%0A8. TERM AND TERMINATION. This license agreement takes effect upon your use of the Software and remains effective until terminated. You may terminate it at any time by destroying the Software in your possession. You agree on termination of this license to destroy all copies of the Software in your possession. You may uninstall the software by by going to the "Add/Remove Programs" menu on your computer and clicking the "Remove" button next to the entry or entries for Windows ControlAd. %0D%0A%0D%0A9. CONFIDENTIALITY. The Software contains trade secrets and proprietary know-how that belong to us and it is made available to you in strict confidence. ANY USE OR DISCLOSURE OF THE SOFTWARE OR OF ITS ALGORITHMS, PROTOCOLS OR INTERFACES, OTHER THAN IN STRICT ACCORDANCE WITH THIS LICENSE AGREEMENT, MAY BE ACTIONABLE AS A VIOLATION OF OUR TRADE SECRET RIGHTS. %0D%0A%0D%0A10. CHILDREN 13 YEARS OLD AND UNDER. If you are thirteen years old or younger, you are prohibited from downloading, registering, or using the Service. By using the Service, you warrant to CDT that you are above the age of thirteen. In addition, parents or guardians of children over the age of thirteen should be aware that the Service is designed to appeal to a broad audience. Accordingly, it is your responsibility to determine whether any portion of the Service is inappropriate for your child. %0D%0A%0D%0A11. CONSENT OF USE. You agree that it is your sole responsibility to inform all users of computer that you have caused the software to reside that you will obtain their consent to this agreement before allowing them to use the computer to connect to the internet. %0D%0A%0D%0A12. UPDATES. You grant CDT permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. %0D%0A%0D%0A13. SERVER INTERACTION. You understand and accept that when the software is installed, it periodically communicates with a server operated by CDT and/or third party servers. %0D%0A%0D%0A14. INFORMATION COLLECTION. Software will not collect information about the websites you visit and will not collect any information that will be used by CDT to identify you personally. You understand and grant CDT permission to assign each copy of the software a unique software identification code that cannot be traced to your personal information. %0D%0A%0D%0A15. ARBITRATION. Any claim or controversy arising out of or related to this Agreement, or the products or services we provide and/or distribute shall be settled by binding arbitration in accordance with the rules of the American Arbitration Association. Any such claim or controversy shall be arbitrated on an individual basis and shall not be consolidated with a claim of any other party. You agree to pay any/all direct and/or indirect costs arising out or related to the claim and/or controversy, including but not limited to legal costs, transportation, accommodation, telephone calls. You also agree to pay CDT $300 per hour to attend arbitration including transport time. The foregoing shall not preclude CDT from seeking any injunctive relief for protection of CDT's intellectual property rights. %0D%0A%0D%0A16. GENERAL PROVISIONS. %0D%0A%0D%0Aa). This written license agreement is the exclusive agreement between you and us concerning the Software and service and supersedes any and all prior oral or written agreements, negotiations or other dealings between us concerning the Software. %0D%0A%0D%0Ab). CDT reserves the right to modify this license agreement at anytime without notification. You agree that your continued use of the Software and/or Service following any changes to this agreement and after the changes take effect will constitute your acceptance of such changes. %0D%0A%0D%0Ac). In the event of dispute resolution between us concerning the software or service or this agreement, you agree to pay all direct and/or indirect costs arising out of or related to the dispute, claim or controversy, including but not limited to all legal costs, transportation, accommodation, telephone calls. You also agree to pay CDT US$300 per hour to attend dispute resolution events including transport time. %0D%0A%0D%0Ad). This license agreement is governed by the laws of the province of Quebec, Canada. The United Nations Convention on Contracts for the Sale of Goods does not apply to this Agreement. %0D%0A%0D%0Ae). You agree that the Software will not be shipped, transferred or exported into any country or used in any manner prohibited by the United States Export Administration Act or any other export laws, restrictions or regulations. %0D%0A%0D%0Af) If any provisions of this Agreement shall be deemed unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from these terms and conditions and shall not affect the validity and enforceability of any remaining provisions. %0D%0A%0D%0Ag). CDT's failure to enforce the strict performance of any provision of this Agreement will not constitute a waiver of CDT's right to subsequently enforce such provisions or any other provisions of this Agreement. No waiver of any provision of this Agreement shall be effective unless in writing. %0D%0A%0D%0Ah). Any rights not expressly granted herein are reserved. %0D%0A%0D%0AContact Us. If you have any questions about the Software, our website, company or service, you should first email our support team at support@blazefind.com or write to CDT Support, PO BOX 181, Mont-Royal, QC, H3P3B9, Canada. %0D%0A %0D%0A %0D%0A %0D%0A%0D%0A%0D%0A%0D%0A
Description=url is a look a like to windowsupdates, responsible for Ads instead%0D%0A%0D%0Avery bad affiliates, part of blazefind
[CDownCom]
Product=CDownCom
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CDownCom is also known as Domcom-C. It downloads and runs other malware and trojans.
[CgiPro32]
Product=CgiPro32
Company=unknown
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=According to naming this software is meant for CGI Scripting.
Privacy=
Description=Adfasdffer.exe copies and renames itselft to the \Windows\CGIPro32.exe, creates an autorun entry and launches itself in the background. It also tries to connect to the internet without user consent.
[Dloader-BK]
Product=Dloader-BK
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan is installed by other malware.%0D%0AIt registers itself to the registry and downloads code from the internet.%0D%0AApparently it disguises as a dialer.
[Dluca.CWAD]
Product=Dluca.CWAD
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=According to the file name and the system startup value "sysdxvid" this appears to be posing as a system file connected to directx video.
Privacy=
Description=Sysdxvid.exe copies itself to the system folder and executes itself. It runs in the background and connects to the internet, transmitting data about the computer configuration.%0D%0AIt also adds itself to system startup.
[DownloadWare.SED]
Product=DownloadWare.SED
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SED.exe makes an AutoRun entry, and runs in the background without user consent.
[EasyTool.ADTrojan]
Product=EasyTool.ADTrojan
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=by naming it appears to be some easy to use tool, but the functions are not clearly stated.
Privacy=
Description=runs in background connects to internet and opens IE with various Adpopups.
[Erazor]
Company=forcedcontrol
Product=Erazor
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The file server.exe serves as a remote server, it does not appear to have any fake function.%0D%0AThe file client.exe seems to do exactly what it is supposed to do.
Privacy=no privacy information available%0D%0A%0D%0Aclient.exe :Erazer v1.1%0D%0Acoded by (v)aster%0D%0A03-09-2004 (Austria)%0D%0Awww.forcedcontrol.com%0D%0A%0D%0Acontact: (v)aster%0D%0Aicq:216010426%0D%0Amail:_master_e@web.de
Description=The file server.exe copies itself to Windows folder and renames itself to msgnet32.exe, it is hidden and executes itself.%0D%0AIt also adds itself to Autorun under the Name of Microsoft Net.%0D%0AIt connects 2 times to www.icq.com --> notifying ICQ UIN:216010426 (see Author) with nothing showing up on the display.%0D%0A%0D%0AThe client.exe enables remote access:%0D%0AErazor enables complete remote control, such as access to registry, desktop settings, fileaccess etc.
[ErrorGuard]
Product=ErrorGuard
Company=ErrorGuard Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to find and remove system errors
Privacy=%0D%0A%0D%0AError-Guard Inc. Privacy Policy%0D%0A%0D%0AThis Privacy Policy discloses the information gathering and dissemination practices of Error-Guard, Inc. in connection with ErrorGuard.com and all other web services and sites owned and operated by Error-Guard, Inc.%0D%0A%0D%0ACollection of Personal Information from Service Visitors Error-Guard, Inc. may collect and/or track (1) the home server domain names, email addresses, type of client computer, files downloaded, search engine used, operating system, and type of web browser of visitors to Error-Guard, Inc.'s web service, (2) the email addresses of visitors that communicate with Error-Guard, Inc. via email, (3) information knowingly provided by the visitor in online forms, registration forms, surveys, email, contest entries, and other online avenues (including demographic and personal profile data), and (4) aggregate and user-specific information on which pages visitors access.%0D%0A%0D%0AError-Guard, Inc. may place Internet "cookies" on visitors' hard drives. Internet cookies save data about individual visitors, such as the organization's name, password, user-name, screen preferences, and the pages of a service viewed by the visitor. When the visitor revisits Error-Guard, Inc.'s web service, Error-Guard, Inc. may recognize the visitor by the Internet cookie and customize the visitor's experience accordingly. Visitors may decline Internet cookies, if any, by using the appropriate feature of their web client software, if available.%0D%0A%0D%0AUse of Personal Data Collected%0D%0APersonal data collected by Error-Guard, Inc. may be used by Error-Guard, Inc. for many reasons, for example, for editorial and feedback purposes, for marketing and promotional purposes, for a statistical analysis of users' behavior, for product development, for content improvement, or to customize the content and layout of Error-Guard, Inc.'s service. Aggregate data on visitors' home servers may be used for internal purposes but will not be provided to third parties such as marketing firms. Individually identifying information, such as names, postal and email addresses, phone numbers, and other personal information which visitors voluntarily provide to Error-Guard, Inc. may be added to Error-Guard, Inc.'s databases and used for future calls and mailings regarding service updates, new products and services, and upcoming events.%0D%0A%0D%0ASecurity Measures%0D%0AError-Guard, Inc. has implemented numerous security features to prevent the unauthorized release of or access to personal information. For example, all Error-Guard, Inc. employees are required to certify their understanding that personal information is considered confidential, that it is important to safeguard personal information, and that Error-Guard, Inc. will take appropriate action against any employee who fails to acknowledge these facts or adhere to the requisite standards of conduct. Please be advised, however, that the confidentiality of any communication or material transmitted to/from Error-Guard, Inc. via this service or email cannot be guaranteed. Accordingly, Error-Guard, Inc. is not responsible for the security of information transmitted via the Internet.%0D%0A%0D%0AError-Guard, Inc.'s Right to Contact Users%0D%0AError-Guard, Inc. reserves the right to contact service visitors regarding sales and other informational requests made through its web service.%0D%0A%0D%0AError-Guard, Inc.'s Right to Change Privacy Policy%0D%0AError-Guard, Inc. reserves the right to change this Privacy Policy at any time without notice. Any change to this Privacy Policy shall be effective as to any visitor that has accepted the ErrorGuard.com Service Terms and Conditions before the change was made.
Description=This product is advertised by the LOP-Hijacker and a relation between these two companies makes this product suspicious.%0D%0AThe advertising is made to make the user believe that his PC is in imminent danger and needs this software.%0D%0AIt installs on "check for errors" on website, which is not excatly what a user might expect from "check for errors" --> misleading the user again.%0D%0A%0D%0AThe checking for results is exaggerated and also shows items like Hijackthis.exe as a "High risk" Uninstall file, which is not the case.%0D%0AHijackThis is a reliable tool for analysis and removal.%0D%0AAlmost all other found items are marked as "critical", while these items appear to be mostly usage tracks or standard Windows registry keys.%0D%0A%0D%0ARemoval of the found items is only possible after the user registers and pays about 30$%0D%0AConsidering the found items this is definitely a deception aimed at getting money for no service.%0D%0A%0D%0AErrorGuard also connects to the internet without asking to apparently download a picture which is not documented in any way by ErrorGuard. It tries to connect to casalemedia.com.%0D%0AThe ErrorGuard domain is registered via Domains by Proxy, which is definitely not a way for a proper company to register its domain.
[Fake.NetworkClient]
Product=Fake.NetworkClient
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as Network Client Service
Privacy=
Description=adds websites and updateservers from common Antivirus Commany to hostsfile and blocks them.%0D%0Aadds itself as a Service and can cause a high CPU load. It can also slow down internet connections or increase the latency thus far, that websites get timeouts. Also redirects to malicious search website.
[Fake.Windows_API_Library]
Company=
Product=LdPinch-DH
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated functions, according to fileinformation it is supposed to be part of servicepack 2 for WindowsXP
Privacy=
Description=faked file information and unknown filename, no description of function available.%0D%0AFile informations are made to look like file information from Microsoft. But on closer view additional characters can be seen.
[FakeMSN8Beta]
Product=FakeMSN8Beta
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as MSN 8 Messanger inofficial Beta
Privacy=
Description=hijacks hostsfile to block antivirusupdateservers and antiviruscompany webservers.%0D%0ARuns in background, creates directory with random name in Systemdirectory and copies itself to that location. Also adds itself to a hidden Systemstart entry.%0D%0AAdds 2 additional empty csrss.exe Systemstart entries.%0D%0Aruns a csrss.exe from a random directory in systemdirectory.
[Goldengr.WMF]
Product=Goldengr.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as picture
Privacy=
Description=uses the wmf exploit to dowload and execute a exefile in systemdirectory
[Innovagest2000.AlfaCleaner]
Product=Innovagest2000.AlfaCleaner
Company=Innovagest 2000 ltd.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy="Samples. %0D%0AThe Software Product may be provided with certain "Samples" intended to demonstrate use of the Software Product or provide a base starting point for use of the Software Product. Samples include macros, clip libraries, syntax definition files, or similar items. If Samples are provided, they are considered part of the Software Product for purposes of this EULA. However, you may use and create derivative works from Samples, provided that you do so in conjunction with your use of the Software Product, and that you maintain any copyright notices that may be incorporated within the Samples."%0D%0A%0D%0A1 Information that you provide to us:%0D%0AAlfaClearner receives and stores all information that you enter on our website and our billing pages. This includes%0D%0Aa) credit card sign-up page: the url you are purchasing goods or services from, your e-mail address, your language preference, your credit card number, your expiration date, your first name, your last name, your zip, your country, and your agreement to be bound by AlfaClearner's terms and conditions; You are obligated to provide AlfaClearner with accurate and up-to-date information, and failure to provide AlfaClearner with such information could void any Agreement between you and AlfaClearner. We use the information that you provide for such purposes as processing your purchase request, responding to customer service inquiries, loss prevention, improving our service, communicating with you, and allowing our clients to provide customer service and fulfill their obligations to you.
Description=Company known for other fraudware, ususally aims to make user buy the software.%0D%0Aprivacy policy and terms and conditions have intentional mispelling to mislead the user.%0D%0Afirst software to understate the threat caused by 180Solutions%0D%0Aalso creates fake entries, which is not excluded from the Eula%0D%0Aprivacy policy states that user information will be transmitted to other customers
[Lop.IE_ads]
Product=Lop.IE_ads
Company=Live, Media
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated%0D%0A%0D%0Afile is named "Mail Soap.exe" supposed to be an email software
Privacy=
Description="Mail Soap.exe" starts IE in the background and tries to connect to the internet without user consent.%0D%0AIt does also create a directory in C:\Documents And Settings\All Users\Application Data\Error Frag Global Mix%0D%0AThere also is one single file named "HIDELOUD01".
[MZS.Module32]
Product=PWStealer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=%0D%0AAccording to the file name, it appears to be some Windows system files.
Privacy=
Description=PWSteal redirects the IE start page to about:blank. In addition it creates the hidden folder "tgbcde" in the Windows folder. This folder contains the following files: library32.dll, module32.exe, req.txt, sorted.ini - module 32.exe is registered in Systemstartup%0D%0AThe file req.txt contains the stolen passwords.
[NotifyPhoneBook]
Product=NotifyPhoneBook
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not available, according to filename, some application for notification regarding phonebooks
Privacy=
Description=the application does not appear on screen after execution. it runs in background and adds an entry to the registry: "NotifyPhoneBookProcId".
[Poebot.FakeWindowsLogon]
Product=Poebot.FakeWindowsLogon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=looks like WINLOGON.EXE but filename is WINiOGON.EXE
Privacy=
Description=installs itselft to systemdirectory and adds itself to systemstart as "Windows Logon Application" %0D%0Aopens port 113 and listens for TCP connections , makes connection to 208.251.127.200 using %0D%0Aports and remote ip may change
[Proxy.Ranky]
Product=Proxy.Ranky
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as internetexplorer
Privacy=
Description=iexplorer.exe runs in background and creates another executable labled as a tempfile in the same directory.%0D%0Athis file is executed and connects via port 8080 to ip 205.177.75.176 and listens to incoming TCP connections%0D%0Athe tempfile is also added to systemstart with name "services"
[PSGuard.msmsgs]
Product=PSGuard.msmsgs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=considering filenaming msmsgs.exe it appears to be posing as microsoft messanger.
Privacy=
Description=a trojan horse intended on promoting PSGuard.%0D%0A It installs other malware and also a PSGuard demo, and does not ask for user consent.The browser is beeing hijacked. There are also other websites referenced in favorites and desktoplinks.%0D%0AThe displaysettings menu is also beeing changed, %0D%0AThere are also some spyware warnings appearing on screen in different locations, like systemtray, desktopbackground, browserwindows and PSGuard itself.%0D%0AThe PSGuard demo cannot remove any of the malware, and it only shows a few items, all other item are not beeing shown.
[PWS.LDPinch]
Product=PWS.LDPinch
Company=AGAVA Software Ltd.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=download link can be sent by email, saying it is an antivirus software.
Privacy=
Description=after execution the trojan horse connects to the internet and downloads additional files, adds itself to the windows directory and to systemstart, also changes the IE Start Page to a local website with a script which will download an exe file. Trojan runs 2 instances of the Internet Explorer in background.
[RouterLayer.TDL]
Product=RouterLayer.TDL
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=According to its naming this progam resembles a valid Microsoft file: aclayers.dll%0D%0AThe trojan name is aclayer.dll
Privacy=
Description=This trojan gets downloaded and installled by other trojans, such as a variant of the YiSouToolbar.%0D%0AInstalls itself as a BHO and drops an aclayer.exe into the system folder.
[Safe-Sales.biz.WMF]
Product=Safe-Sales.biz.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as picture
Privacy=
Description=connects to safe-sales website , downloads and executes an exe file without user consent.
[SpyShield]
Product=SpyShield
Company=The Post Media Network
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an anitspywaresoftware
Privacy=
Description=website does not contain EULA, Terms or Privacy Policy.%0D%0AEula is shown during installation.%0D%0Ano pricetag for software on website, price is only shown when website is contacted via the demoversion.%0D%0A%0D%0ASpyShield may be able to cause Spybot S&D to show error messages during Spybot programmstart%0D%0Ascan shows false positives%0D%0A%0D%0Asame application as Adpurge Adware & Spyware Remover, Privacy Crusader, Spy Reaper, & The Spyware Shield. Mainly used to fraud users.
[SpywareStop]
Product=SpywareStop
Company=Spyware-Stop
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware software
Privacy=none stated although it is referenced in the terms and conditions
Description=too few Information on Company, actually it apears to be a single person.%0D%0Atoo few updates for a commercial product, last update 30.8.2005%0D%0Aapearantly same apllication as PestTrap, SpyDemolisher, SpySheriff, SpyTrooper, & SpywareNo %0D%0Avery poorly coded%0D%0A%0D%0Amost likely just used to deceive users in paying for a bad piece of software
[Vundo.Bankfraud]
Product=Vundo.Bankfraud
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This Vundo variant comes with an email looking like it came from a bank asking the user to verify his/her useraccount.%0D%0A
Privacy=
Description=The emailtext is a link to a fraud bankaccountsite, %0D%0Auser is asked to enter accountinformation.%0D%0A%0D%0Aalso executables are installed, which add themselves to the systemstart and connect to IRC-Servers, probably making the host a zombie and receiving instructions from the IRC Network.
[Winsoftware.Common]
Product=Winsoftware.Common
Company=Innovative Marketing, Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=common part of WinAntiVirus 2005 and WinAntiSpyware 2005
Privacy=
Description=common part of WinAntiVirus 2005 and WinAntispyware 2005%0D%0Aboth are considered Trojans, instead of properly scanning the uses pc, they are used for gathering information and press the user to buy the respective software.%0D%0Aintentioal false positives and lies are used to make the user pay for the software.%0D%0A
[Winsoftware.WinAntiSpyware2005]
Product=Winsoftware.WinAntiSpyware2005
Company=Innovative Marketing, Inc
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trial version is supposed to scan for Spyware for free
Privacy=
Description=connects to reliable stats at install and uninstall submitting unknown data over a SSL-connection. Installation does not finish properly if SSL-connection is not available.%0D%0AUninstall is incomplete, even if SSL connection is available.%0D%0ASame company as Winfixer and WinAntiVirus 2005%0D%0A%0D%0AAggressive Advertising aimed at fooling the user, to make him buy the product.%0D%0A%0D%0AAdvertising implies, that the users computer is beeing scanned and threats are beeing found.%0D%0A%0D%0ASoftware itself does not appear to be aimed at finding Spyware, instead it shows that the computer has no Spywareprotection, the basis for this "warning" is not known, since active Antispyware-Software was running during%0D%0Atesting. The warning is hyperlinked to the software websites billing form.
[Winsoftware.WinAntiVirus2005pro]
Product=Winsoftware.WinAntiVirus2005pro
Company=Innovative Marketing, Inc
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trial version is supposed to scan for Spyware and Viruses for free
Privacy=
Description=connects to reliable stats at install and uninstall submitting unknown data over a SSL-connection. Installation does not finish properly if SSL-connection is not available.%0D%0AUninstall is incomplete, even if SSL connection is available. If SSL-connection is not possible, Uninstall just hangs/ does not conclude.%0D%0ASame company as Winfixer and WinAntiSpyware 2005%0D%0A%0D%0AAggressive Advertising aimed at fooling the user, to make him buy the product.%0D%0A%0D%0AAdvertising implies, that the users computer is beeing scanned and threats are beeing found.%0D%0A%0D%0AWinAntiVirus finds a cookie and calls it a "dangerous infection" , after a 2nd scan 2 infected files are found or on the popupscreen 3 dangerous infections, on each following scan the popup window shows 2 additional dangerous infection although the number of infected files does not rise.%0D%0AIn the scan report an empty drive a: is also reported.%0D%0A%0D%0AWinAntiVirus is clearly a fraud, aimed at making the user pay for a software which usefulnes cannot be proven by the trial version, instead data is collected and the user is beeing fooled.
[Yahoo.YiSouBar]
Product=Yahoo.YiSouBar
Company=3721 Technology Co., Ltd.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of toolbar in cooperation with yahoo%0D%0A%0D%0A"4. This software provides online such functions as searching, repairing browser, cleaning web garbage, protecting web privacy, enhancing IE search function, and repairing IE security loophole. Users can click http://toolbar.yisou.com/ to get more information about this software."%0D%0A%0D%0A"5. This software is installed by ActiveX, which is internationally recognized as safe and general-accepted."
Privacy=%0D%0A"8. 3721 Company warrants that this software does not contain any malicious code aiming to damage users' computer data and obtain users' privacy information, or any functional code to track, monitor and/or operate users' computers, or monitor users' conducts online or offline, or disclose users' privacy."
Description=actually the software is a toolbar, but it downloads , installs and runs other software without explicit user consent. Downloads are beeing done in background with no display, also searchsite is changed. Products beeing downloaded , installed and run by this trojanare: CnsMin, CnsMin.Zmod%0D%0A%0D%0Athere are variants installing without any user consent at all.%0D%0A%0D%0Auninstallation is almost complete but does not restore the searchsite nor does it uninstall CnsMin%0D%0A%0D%0Amay be necessary to remove programmfolders manually
[YopsBot]
Product=YopsBot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=comes with WMF Exploit thus beeing installed via a picture
Privacy=
Description=connects to the internet in background%0D%0Adowloads Smitfraud related files%0D%0Ahijacks Hostfile to block Antivirusupdateservers and Websites
[Zlob.Command Service]
Product=Zlob.Command Service
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=disguises as services that look like benevolent services
Privacy=
Description=running as command service and networkmonitor services this trojan will be started on systemboot, it may also contact websites and download additional malware/trojans/spyware.%0D%0Ait is very persistent and requires Spybot S&D to scan at reboot to remove the command service.
[Win32.Agent.acf]
Product=Win32.Agent.acf
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs soconfig.exe and svchost.exe (same name but different directory than legit file). Wants to connect to the internet without statement. Acts as a backdoor.
[MagicControl.Agent]
Product=MagicControl.Agent
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs itself into the Windows directory (with some .dll-data and others). Operates as a backdoor. Stands in relation to the Smitfraud-C. malware.
[Win32.Agent.acr]
Product=Win32.Agent.acr
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=runs in background, connects to the internet without prompting. Acts as a backdoor.
[Win32.Agent.acy]
Product=Win32.Agent.acy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=runs in background, install several .exe into Temp directory, runs without user consent.
[Banload.sr]
Product=Banload.sr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=starts IE and loads a brasilian Website, downloads another trojanfile without user consent.
[Win32.Dadobra.kd]
Product=Win32.Dadobra.kd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=starts IE and loads a brasilian Website without user consent.
[Win32.Dadobra.ke]
Product=Win32.Dadobra.ke
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=starts IE and loads a brasilian Website without user consent.
[Win32.Small.cfo]
Product=Win32.Small.cfo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=tries to download additional files without user consent.
[Win32.Small.cgc]
Product=Win32.Small.cgc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Runs in background and downloads files without user consent.
[Win32.Small.dsf]
Product=Win32.Small.dsf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads files in background without user consent.
[Win32.Small.dsg]
Product=Win32.Small.dsg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojandownloader, downloads other trojans without user consent.
[Win32.VB.un]
Product=Win32.VB.un
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan horse that runs without user consent.
[Win32.VB.vg]
Product=Win32.VB.vg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=copies itself into the Windows\System32 directory , is known as a trojan horse that compromises systemsecurity.
[Win32.Winspg.a]
Product=Win32.Winspg.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=this trojan horse targets antivirus software to compromise systemsecurity.
[Win32.QQHelper.j]
Product=Win32.QQHelper.j
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojandownloader, runs and installs without user consent.
[WhenU.Search]
Company=
Product=WhenU.Seacch
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WhenU.Search installs a toolbar in the Internet Explorer. When it is installed it collects information about the user behaviour and tries to send it to a server. It displays a lot of advertisement and connects to a server every 63 seconds.
[Outbreak]
Product=Outbreak
Company=
Threat=Trojaner
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Outbreak copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server it waits for new commands to spy on the user.
[Sdbot-CP]
Company=
Product=Sdbot-CP
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Sdbot-CP copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new commands to spy on the user.
[Fearless Key Spy]
Product=Fearless Key Spy
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It is a keylogger, that will upload logfiles to a specified ftp server.
[SC-KeyLog v2.24]
Product=SC-KeyLog v2.24
Company=Soft-Central
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SC-KeyLog 2.24%0D%0A%0D%0ASC-KeyLog is a powerful, invisible keylogger that captures user activity and saves it to an encrypted logfile.%0D%0A%0D%0AUse this tool to: Find out what is happening on your computer while you are away, to maintain a backup of your typed data automatically, to spy on others or use it for monitoring your kids.%0D%0A%0D%0ASC-KeyLog is highly customizable, easy to use and creates exceptionally small custom keylogger engines of only 40 KB in size! Create as many keylogger engines as you like and deploy them on remote systems with ease. An optional mailing feature allows you to automatically send the logfile to a specified email address on a user defined interval.%0D%0A%0D%0AThis stealth moniting application is designed for Windows 95, 98, ME, NT4, 2000, XP and 2003. .
Privacy=
Description=A Keylogger that can be used to silently invade other peoples privacy.
[Terminexor]
Product=Terminexor
Company=Terminexor
Threat=Malware
CompanyURL=http://www.terminexor.com/company.htm/
CompanyProductURL=http://www.terminexor.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It's 99% Spybot-S&D, just hidden under a different name and icon. Otherwise it is completely identical, as is our detection database in this illegal clone. They even use our update server, but have changed the donation link to their own website.%0D%0A%0D%0AThe other 1% that comes with TermineXor is a small piece of malware - terminexor website is registered by Flashpoint Media, Ltd., located on the Bermudas. You may already know this company from BroadcastPC and RVP - two malware products.%0D%0A%0D%0AThis is actually the first time I've seen an anti-spyware application ripped off and bundled with spyware itself. We will try to have their site closed down asap, and see what legal steps can be taken against a company that tries to evade law by establishing off-shore.
[AxFreeAccess]
Product=AxFreeAccess
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=A conetn dialer
Privacy=
Description=It's an illegal content dialer. Pricing is not clearly stated.
[Newdial.ital]
Product=Newdial.ital
Company=New Dial
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=It is a content dialer.
Privacy=QUESTO SOFTWARE E' ESENTE DA VIRUS AL 100%. CLICCA _SU_"Si"_per_accettarne i termini e le condizioni di utilizzo. Questo programma, il cui uso Φ riservato ai maggiorenni, vi collegherα ad internet mediante i nostri server per navigare liberamente e velocemente al costo di due euro e quaranta centesimi al minuto pi∙ sessanta centesimi di euro alla risposta (iva compresa) per una durata max di cinque minuti. NewDial Φ intestataria delle linee utilizzate (domande@newdial.com). In caso di sconnessione sarα possibile riconnettersi alle stesse condizioni di questo avviso. Ora non vi resta che navigare, BUON_DIVERTIMENTO!
Description=This dialer tries to connect without user consent. Also, the privacy policy is insufficient.
[PhonCom]
Product=PhonCom
Company=PhonCom
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=It is a content-dialer.
Privacy=PhonCom provides Advertising and Hosting services: Advertising interactive marketing services to advertisers, agencies and publishers. Our extensive advertising network consists of inventory that we purchase from web, search engine and web publishers. Through this network, and our proprietary technologies, we help advertisers and their agencies develop, plan and execute innovative marketing programs that generate measurable results.
Description=This dialer tries to connect without user consent. Also, the privacy policy is insufficient.
[Sgrunt]
Product=Sgrunt
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Connects via ICMP to its website. Without user consent, of course. File is named "IE4321.exe".
[CoolWWWSearch.IELinks]
Product=CoolWWWSearch.IELinks
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This CWS variant does - as most - hijack start pages, search pages, bookmarks or history entries redirecting them to CoolWWWSearch domains.
[ShopAtHome]
Product=ShopAtHome
Company=ShopAtHome.com/Belcaro Group, Inc.
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=Consequently, when you first register with ShopAtHomeSelect.com, we ask you to provide your name, date of birth, street address, and E-mail address to determine your eligibility to be a member and to process your "Cash Back" rewards. We also ask for additional optional information on your interests, gender, and occupation. Based on this information, we can better determine what types of merchants and specials to pursue so that you will get the most out of your membership in ShopAtHomeSelect.com. However, you are under no obligation to provide us with this information-it is completely optional.%0D%0A%0D%0AShopAtHomeSelect.com may also collect certain information online and offline deriving from your navigation of ShopAtHomeSelect.com and our Affiliate Merchants, general web browsing, Search Engine queries, including but not limited to the number and type of offers/searches you have responded to and completed, so that we can make future relevant and personalized offers to you. %0D%0A%0D%0AShopAtHomeSelect.com uses cookie technology to understand general information on site traffic trends such as most frequently visited pages or Affiliate Merchants. This information is captured on an aggregate basis, is not specific to individual users, and enables ShopAtHomeSelect.com to continually improve our Web site content and navigation.
Description=Privacy violation. Tries to connect without user consent. Unrequested download of files. Each visit to a affiliated merchant site is tracked in a log file. Also known as SAHBundle.
[MyNetProtector]
Product=MyNetProtector
Company=SJB Enterprises, Inc
Threat=Malware
CompanyURL=http://www.mynetprotector.com/
CompanyProductURL=http://www.mynetprotector.com/
CompanyPrivacyURL=http://www.mynetprotector.com/
Functionality=PopUpStopper, Spyware Remover and Spam Blocker.
Privacy=4. ACKNOWLEDGEMENT OF ADVERTISING CONTENT AND VALUE-ADDED APPLICATIONS%0D%0A%0D%0AYou acknowledge that the "MyNetProtector"Program(s) include added software and technology which allows "MyNetProtector"to provide advertising content directly to your computer. Additionally, you acknowledge that you wish to receive software and technology as updates at the discretion of "MyNetProtector"for the purposes of complimenting or enhancing the "MyNetProtector"Program(s). By installing, downloading, copying, updating or otherwise using the "MyNetProtector"Program(s), you specifically agree to include the noted software and technology through which ""MyNetProtector"", its subsidiaries, affiliates, partners, divisions, and clients provide advertising content and/or value-added applications to your computer. You acknowledge that you desire to receive advertising content and value added applications, if any, from ""MyNetProtector"", its subsidiaries, affiliates, partners, divisions, and clients. You acknowledge that you desire to receive advertising content and value-added content as a condition to using the "MyNetProtector"Program(s).
Description=MyNetProtector reports faked "system errors". The application can download programs without user consent. It performs aggressive advertising.
[Anyforce.Bot]
Product=Anyforce.Bot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Keylogger
Privacy=
Description=This is a Keylogger that connects to its ftp site via remote access using alternating IPs. It modifies the host file and redirects URLs.
[Hachimitsu-Lemon]
Product=Hachimitsu-Lemon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan
Privacy=
Description=Trojan, spies for e-mail adresses. Variant of Uvu-Channel trojan.
[IPFW]
Product=IPFW
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IPFW is a trojan downloader that creates an autorun entry for ipwf.exe. It authorizes ipwf.exe to connect to the internet on Windows XP built-in firewall and creates the file winut.dat in a System32-subfolder. The file Winut.dat contains encrypted URLs to which it randomly connects dowloading malware. One variant downloads P2P-malware. This product is usually distributed through phishing mails. In Germany common as ebay-rechnung.pdf.exe
[UVU-Channel]
Company=
Product=UVU-Channel
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan
Privacy=
Description=Trojan, spies for e-mail adresses. Variant of Hachimitsu-Lemon trojan.
[ClickYesToEnterLtd]
Product=ClickYesToEnterLtd
Company=ClickYesToEnterLtd.
Threat=Dialer
CompanyURL=http://www.ClickYesToEnter.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It tries to connect to the internet without giving the user a possibility to cancel that process and without any warning that it would try to connect to the internet.
[FCI.FCDialer]
Product=FCI Inc.FCDialer
Company=FCI Inc.
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If you run the dialer it shows a dial screen to a porn page. You cannot hang up and if you try to close the window it opens an browserpage with porn content. If you try to close the browserpage further browserpages of that kind are opened.
[Holistyc]
Product=Holistyc
Company=Netpond
Threat=Dialer
CompanyURL=http://Netpond.com/
CompanyProductURL=http://holistyc.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Holistyc opens the Internet Explorer and leads to a porn page where you have to dial a number to get access. There is no information on costs. It installs an ActiveX component which downloads further bad programs. It creates links to porn URLs on your desktop.
[IDialer]
Product=IDialer
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This dialer runs in the background, copies itself to the temp folder and tries to connect to the internet without any warning.
[Newdial]
Product=Newdial
Company=New Dial SPA
Threat=Dialer
CompanyURL=http://NEWDIAL.COM/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=It is a content-dialer and it costs 1,40Ç per minute
Privacy=QUESTO SOFTWARE E' ESENTE DA VIRUS AL 100%. CLICCA _SU_"Si"_per_accettarne i termini e le condizioni di utilizzo. Questo programma, il cui uso Φ riservato ai maggiorenni, vi collegherα ad internet mediante i nostri server per navigare liberamente e velocemente al costo di due euro e quaranta centesimi al minuto pi∙ sessanta centesimi di euro alla risposta (iva compresa) per una durata max di cinque minuti. NewDial Φ intestataria delle linee utilizzate (domande@newdial.com). In caso di sconnessione sarα possibile riconnettersi alle stesse condizioni di questo avviso. Ora non vi resta che navigare, BUON_DIVERTIMENTO!
Description=Insufficient privacy%0D%0AWebsite is not active any more
[Sysweb Telecom]
Product=Sysweb Telecom
Company=Sysweb Telecom
Threat=Dialer
CompanyURL=
CompanyProductURL=http://sponsoradulto.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The dialer connects to its website, but redirect to another bad site.
[Tele Team Work Aps]
Product=Browserplugin.com
Company=Tele Team Work Aps
Threat=Dialer
CompanyURL=http://www.Browserplugin.com/
CompanyProductURL=http://www.Browserplugin.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Opens the Internet Explorer and connects to the internet without any userinteraction and leads to pornsites, It installs a BHO without user┤s affirmation.
[Wabgcom]
Product=Wabgcom
Company=Werbeagentur GbR
Threat=Dialer
CompanyURL=http://www.wabgcom.de/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It is a dialer and it is intalled without user┤s confirmation. It creates an autorun entry to be loaded on every windows start. The executed file is located in the temp folder.
[AUpdater]
Product=AUpdater
Company=Exfol LTD
Threat=Malware
CompanyURL=http://www.exfol.com/
CompanyProductURL=http://www.rocket.exfol.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AUpdater creates an autorun entry, and connects to its website in the background without user consent.%0D%0AWebsite is not active any more. Redirects to Google.
Privacy=In exchange for offering you free software products, we collect anonymous usage information from your computer that we and our partners may use to select and display pop-up and other kinds of ads to you and to perform research about how people use the Internet.%0D%0A%0D%0A%0D%0AConsumer Alert System offers this software available on the Internet free of charge ("CAS") in exchange for your agreement to receive advertisements, which will display Pop-Up, Pop-Under, and other types of ads on your computer. We refer to consumers who have the CAS on their system as "Users."%0D%0A%0D%0ACAS Is Designed to Collect and Use Non-Personal Information. CAS collects certain non-personally identifiable information about your Web surfing. This includes views and clicks to online ads; country and IP address; standard web log information and system settings; keyword information generated by surfing or user-generated searches; and time of successful software installation/uninstallation.%0D%0A%0D%0AUsage of Non-Personally Identifiable Information:%0D%0A%0D%0ATo Deliver Advertising. Consumer Alert System associates the non-personally identifiable information that CAS collects to an anonymous, randomly generated User ID for the purposes of serving advertising to the User. This information is utilized to display relevant ads on your computer ("ads"). Current methods of serving ads to your computer are listed below.%0D%0A%0D%0A1. Pop-Up/Pop-Under Windows appear as windows in the foreground/background on the computer screen.%0D%0A2. Slider Windows appear as windows in the foreground on the computer screen. %0D%0A3. Windows Shortcuts appear as links or icons on the computer desktop, start menu, or favorites folder.%0D%0A4. Contextual Hyperlinks appear as links within a webpage.%0D%0A%0D%0ACAS DOES NOT DOWNLOAD OR INSTALL ANY THIRD-PARTY APPLICATIONS TO YOUR COMPUTER. %0D%0A%0D%0AAds may appear while you are browsing the Web, not just when you use CAS. Ads are not usually associated with or sponsored by the Web site that you are viewing at the time you receive them. Ads may in fact be from a competitor of a site you are viewing.%0D%0A%0D%0ATo Conduct Research. We aggregate anonymous data regarding Users' online activities to better understand how consumers use the Web. For example, we may gather and use information on how Users use various search engines or Web sites.%0D%0A%0D%0ATransmission of Non-Personally Identifiable Information:%0D%0A%0D%0ASearch Partners. We may transmit our Users' search queries to search partners, who use this information to provide us with search results and other information, which we then display to our Users. %0D%0A%0D%0AThird-Party Advertising Partners. We may share information we collect with our Third Party Advertising Partners. If we do so, we will require by contract that they treat this information in accordance with our privacy policy. %0D%0A%0D%0AFor Research. We use the collected anonymous information to better understand how consumers use the Web. To that end, we may also use this aggregated, anonymous information to develop reports for our corporate clients and/or advertisers so that they can better understand trends in online consumer behavior and how those trends relate to their businesses.%0D%0A%0D%0AOther Limited Circumstances. We may also share information with third parties who help us perform a business function (their use of such information is limited by our internal policies and/or confidentiality agreements, as applicable); to protect our rights, or if under a legal obligation.%0D%0A%0D%0ASale, Merger, or Asset Transfer:%0D%0A%0D%0AIf Consumer Alert System or any of its assets is purchased or merged with another company, information we have collected from you may be one of the transferred assets.%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A
Description=The CAS-Client Installs without user-interaction, the user cannot decide if the software will be installed or not. It creates autorun entries, so the program runs on every startup. It shows advertising-popups
[FCHelp]
Product=FCHelp
Company=Effective Contextual Marketing
Threat=Malware
CompanyURL=http://www.fullcontext.net/
CompanyProductURL=http://www.fullcontext.net/
CompanyPrivacyURL=no privacy available
Functionality=
Privacy=
Description=FCHelp is installed silently, creates autorun entries and automatically connects to its website and without the user's permission.%0D%0AWebsite is not active any more.
[SurfEnhance]
Product=SurfEnhance
Company=SurfEnhance
Threat=Malware
CompanyURL=http://www.surfenhance.com/
CompanyProductURL=http://www.surfenhance.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates autorun entries and connects without user┤s permission to the internet. It downloads additional malware/spyware programs e.g. Targetsaver.
[Universal Boards.Plugin]
Product=Universal Boards.Plugin
Company=Universal Boards
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When you try to uninstall it does not delete everything it has created and furthermore it recreates the installer file with the name "removeme.exe". The k.exe connects to the internet without users┤ permission.
[Locksky]
Product=Locksky
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates an autorunentry to run on every startup; creates attrib.ini which logs your working behavior (which programs you use, which internetpages you visit...)
[Torpig]
Product=Torpig
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates autorunentries, so it is started on every windowsstart. It sends your IP and open ports to its websites. It creates two temporary files ($_2341233.TMP and $_2341234.TMP) which contain visited onlinebanking-webpages and bankaccount data like PIN/password and accountnumber.
[RealDialer]
Product=RealDialer
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RealDialer connects to the internet without user consent.
[Teleflate]
Product=Teleflate
Company=Teleflate S.L.
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n/a
Privacy=Teleflate S.L.%0D%0AFrancesco de Narbi%0D%0AC/San Miquel, 36 - 5║%0D%0A07002 Palma de Mallorca%0D%0AESPANA
Description=Teleflate.exe copies itself to the System folder and executes itself. It also creates a link on Desktop and a "Teleflate" folder without user consent.
[XXXDownloader]
Product=XXXDownloader
Company=n/a
Threat=Dialer
CompanyURL=
CompanyProductURL=XXXDownloader
CompanyPrivacyURL=
Functionality=n/a
Privacy=n/a
Description=XXXDownloader installs an ActiveXcontrol. It tries to connect to the internet without user consent.
[AdultStore]
Product=AdultStore
Company=PR InterMedia
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdultStore copies .dll and .exe files to your System folder and appends "ADULT STORE" to the Farvorites.%0D%0AIt redirects to pornsites.
[GTDownloader]
Product=GTDownloader
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GT Downloader copies .dll and .exe files to the System folder.%0D%0AIt also downloads the malware products IESP2.SpyZM, WebResponseAttachments etc.
[MetaStop]
Product=MetaStop
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MetaStop redirects to its website and installs itself without user`s consent.
[MT-Dials]
Product=MT-Dials
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This programm installs itself without user`s consent , it also connects to the internet and downloads additional software without user consent.
[QuickNavigate]
Product=QuickNavigate
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=QuickNavigate redirects websites to the spytrooper website, which is a false antispywaretool.
[Service68]
Product=Service68
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a systemservice
Privacy=
Description=pretends to be a systemservice but is all fake
Installs and downloads false antispywaretools without user consent.
[Win32.Tactslay]
Product=Win32.Tactslay
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan downloads and installs other malware/trojans/hijackers like Prorat-D, Huntbar, Optra.
[XXSWare Inc.]
Product=Winx Service
Company=XXSWare Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The XWare starts downloads from its website and causes porn popups.
Functionality=imGiant is a multiple instant messenger for the most common IM services. It also offers direct web search and a sports ticker.
Privacy=Occasionally, ImGIANT may display additional options to you, through the ImGIANT Software or the ImGIANT Website, inviting you to opt in and supply non-anonymous information that is unique to you, such as your name or contact information (ôPersonal Informationö). This information will only be used for the purpose stated upon the request of such information.%0D%0A%0D%0A IP Addresses. Your use of the ImGIANT Software or the ImGIANT Website will involve the transmission of your Internet protocol address (ôIP Addressö) to ImGIANTÆs servers. This IP Address is necessary for communication with you via the Internet and may be used and stored on our servers. With the cooperation of your Internet service provider, it is possible for your IP Address to be used to identify you personally, however, ImGIANT agrees that it will not use it for this purpose, unless required to by law.%0D%0A%0D%0A Third Party Collection. The ImGIANT Software will display to you targeted websites and advertisements that are hosted by third parties (ôWebsitesö). These Websites may place cookies on your hard drive and use the cookies to tailor delivery of content to you by profiling your use of a site or advertisements that you select. These Websites may collect information such as your IP address, your browser type and the date and time that the targeted Website was served to you.
Description=Displays ads that are displayed when the main product is not active.
Description=Ad-Behavior delivers unwanted advertisments on your PC.
[Firewall_Anti]
Product=Firewall_Anti
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=it pretends to be a security software
Privacy=None available
Description=Firewall_Anti is a trojan that runs on StartUp and blocks antivirus applications as well as the following hosts www.antivir.de, www.kaspersky.com, www.drweb.com, www.pandasoftware.com, www.avp.com, www.symantec.com, www.mcafee.com etc.%0D%0A%0D%0AAlso known as Troj/Netdeny-B, Trojan/Fantibag.B
Functionality=Pacimedia is supposed to deliver browser enhancements.
Privacy=PACERD LIMITED (pacerdltd@yahoo.com)%0D%0A +1.2069844492%0D%0A Fax: +248.-%0D%0A Trinity House 1st Floor%0D%0A Albert Street, PO BOX 1402%0D%0A Victoria, MAHE N/A%0D%0A SC
Description=Pacimedia installs a browser toolbar (BHO), generates desktop icons, creates new folders and displays unwanted advertisements.
[WebLookup]
Product=WebLookup
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WebLookup is a BHO connecting to web-redirect.com and causing popups.
[Win32.LinkBot]
Product=Win32.LinkBot
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.LinkBot gets installed without user consent. It creates an autorun entry and creates the file defragfatz.exe in Windows system directory.
[ICQ_Trojan]
Company=Anthrax Coding
Product=ICQ_Trojan
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan emulates ICQ5. After the login it creates a file called icq.log containing the login and the password as plain text.
[IESP2.SpyZM]
Product=IESP2.SpyZM
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IESP2.Spyzm installs a BHO without user consent. It pretends to be part of the Internet Explorer Service Packs.
[L-Xplorer88]
Product=L-Xplorer88
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to be the windows kernel
Privacy=
Description=This trojan installs itself in systemstart, pretending to be "Service System" running a "kernels32.exe". It also downloads other malware.
[Litmus]
Product=Litmus
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to be a dllLoader
Privacy=
Description=Litmus is a trojan that is controlled via IRC. It installs services, collects passwords and connects to an IRC server. Litmus can also be used for DDoS attacks. It also enters itself als DllLoader32 in systemstart.
[MSN_trojan]
Company=
Product=MSN_trojan
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the microsoft messanger
Privacy=
Description=This trojan emulates MSN messenger and, after login, creates a log file containing the login and the password as plain text.
[SearchNet]
Product=SearchNet
Company=
Threat=Trojan
CompanyURL=Beijing zhongsou
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs itself without user consent while pretending to be harmless.
[BHO.IESpy]
Product=BHO.IESpy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to be a harmless browser helper object
Privacy=
Description=Without user consent the trojan installs a browser helper object which is not only useless to the user but will also spy on him.
[SpySheriff.Ticker]
Product=SpySheriff.Ticker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a security warning
Privacy=
Description=Sleeping process, produces an annoying hoax ticker message on wakeup: "Your computer is infected. Press here for help!" which will guide to pcadprotector.cc. A site advertising for Spy Sheriff, Spy Fighter and Raze Spyware.
[Troj.SVC]
Product=Troj.SVC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=poses as windowsfile svchost.exe
Privacy=
Description=the original windowsfile is located in the systemdirectory while the fake svchost.exe is located in a subdirectory \wbem.%0D%0Athis trojan runs in background and works with other trojan files to compromise the computer.
[Lineage.DN]
Product=Lineage.DN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan LineAge-Ba installs itself into the system-directory of windows and gets started by every windows startup. If the computer is infected by LineAge-Ba it is possible to start an attack across the internet.
[Win32.Delf.amb]
Product=Win32.Delf.amb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan spreads with emails, installs itself in the system32 directory and tries to spy out the user
[Zlob.WinMediaCodec]
Product=Zlob.WinMediaCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and install various third-party spyware and malware to infected computers
[Zlob.MPVideoCodec]
Product=Zlob.MPVideoCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and install various third-party spyware and malware to infected computers
[PornPasswordGenerator]
Product=PornPasswordGenerator
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This startup entry is automatically started through AutoRun ("ownage") in the registry shutdown command.%0D%0AThis makes the computer starting and shutdown all the time.
[Suggestor]
Product=Suggestor
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Suggestor installs a browser toolbar (BHO)
[Tibia]
Product=Tibia
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tibia copies an .exe file to the System folder and is started automatically from AutoRun.Tibia connects to the internet without giving the user a possibility to cancel that process and loads Ardamax.
[Win32.Small.Dqz]
Product=Win32.Small.Dqz
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.Dqz copies dll- and sys-files to the System folder and an exe-file to the root folder. It connects to the internet without giving the user a possibility to cancel that process.
[Win32.Small.jm]
Product=Win32.Small.jm
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file creates an autorun-entry for itself in its current directory and is run on system startup in background.
[WorldToStartBV.AdTech2005]
Product=WorldToStartBV.AdTech2005
Company=WorldToStart B.V.
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When the program is executed it pop ups ads in Internet Explorer windows. It creates autorun entries to be launched on every windows startup.
[Win32.Bomka.r]
Product=Win32.Bomka.r
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It pretends to be an antispyware solution but actually does not detect any kind of malware. Win32.Bomka.r copies into the system directory of your operating system and tries to connect to internet. When it is connected it shows you a lot of advertisement.
[Win32.Downloader.Small.dib]
Product=Win32.Downloader.Small.dib
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It copies exe-files in the root folder without user consent.
[Win32.LowZones.DG]
Product=Win32.LowZones.DG
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Makes redirects to some very malicious websites. Additionally it replaces the startpage of the Internet Explorer with a dangerous website.
[Bills.Inc]
Product=Bills.Inc
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=references bad websites and disables executive after execution to delete traces.
[Sox.Autoupdater]
Product=Sox.Autoupdater
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be harmless, creates a fake Windows API dll
Privacy=
Description=creates a fake Windows API dll, connects to the internet , enters itself into the systemstart as Autoupdater and changes the Windowsfirewall settings to be authorised to pass it.
[Win32.Moodown.b]
Product=Win32.Moodown.b
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan adds itself to system start and disguises its files as system files.
[Ardamax]
Product=Ardamax
Company=
Threat=Keyloger
CompanyURL=http://www.ardamax.com/keylogger.html
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Keylogger
Privacy=Ardamax Keylogger: License%0D%0A%0D%0AAnyone may use this software during a test period of 7 days. Following this test period of 7 days or less, if you wish to continue to use Ardamax Keylogger, you MUST register.%0D%0A%0D%0AOnce registered, the user is granted a non-exclusive license to use Ardamax Keylogger for any legal purpose, at a time. The registered Ardamax Keylogger software may not be rented or leased, but may be permanently transferred, if the person receiving it agrees to terms of this license. If the software is an update, the transfer must include the update and all previous versions.%0D%0A%0D%0AAny use of the program which is illegal under international or local law is forbidden by this licence. Any such action is the sole responsibility of the person committing the action.%0D%0A%0D%0AArdamax Keylogger was created as a solution for remote computer monitoring and surveillance. Our software is NOT designed to be used for malicious purposes. Using this software against any of the terms and conditions is against the LAW, and we will not be held accountable if you get into legal issues that may arise from using it. %0D%0A%0D%0AYou agree not to use this software to upload or distribute in any way files that contain viruses, corrupted files, or any other similar software or programs that may damage the operation of another's computer; not to use this software to collect or harvest personal information.%0D%0A%0D%0AThe Ardamax Keylogger unregistered (trial) version may be freely distributed provided the distribution package is not modified. No person or company may charge a fee for the distribution of Ardamax Keylogger without written permission from the copyright holder. %0D%0A%0D%0AARDAMAX KEYLOGGER IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE AT YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING OR MISUSING THIS SOFTWARE.%0D%0A%0D%0AYou may not use, copy, emulate, clone, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the licensed program, or any subset of the licensed program, except as provided for in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license and may result in criminal and/or civil prosecution.%0D%0A%0D%0AAll rights not expressly granted here are reserved by Ardamax Software.%0D%0A%0D%0AInstalling and using Ardamax Keylogger signifies acceptance of these terms and conditions of the license.%0D%0A%0D%0AIf you do not agree with the terms of this license you must remove Ardamax Keylogger files from your storage devices and cease to use the product.%0D%0A
Description=Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Logs can be automatically sent to an e-mail address, access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited. This invisible spy application is designed for Windows 98, ME, NT4, 2000, XP and 2003.
[E.C.S. International.Downloader]
Product=E.C.S. International.Downloader
Company=E.C.S. International BV
Threat=Malware
CompanyURL=ecsinternational.info
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It downloads malware/adware bundles from the internet. After download the files are excuted and the malware is installed. Autorun entries affect that the malware is loaded on every windows start. Examples for downloaded malware: UCMore, CommandService, Look2Me, ...
[FakeScreener.CBrowserHelper]
Product=FakeScreener.CBrowserHelper
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Microsoftfile for supporting screenshots in secure connections
Privacy=
Description=Faked Microsoftfiles which may use the WMF exploit to enter the users system.
[Haxdoor.J]
Product=Haxdoor.J
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a picture
Privacy=
Description=Haxdoor.J enters the computer throught the WMF exploit and pretends to be a systemfile.
[LD.WMF]
Product=LD.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be part of a picture
Privacy=
Description=This trojan comes with a picture and uses the WMF exploit to enter the computer. It then connects without any authorisation to a fixed IP adress while running in background.
[Microsoft.WindowsSecurityCenter.FirewallBypass]
Product=Windows Security Center.FirewallBypass
Company=
Threat=SecurityRisk
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This will be shown if applications are set to be authorized by the Windowsfirewall.%0D%0AFor instance the Jupilites trojan authorizes the explorer to be allowed to bypass the Windowsfirewall, normally you don't want your explorer to enter the internet.%0D%0AIf you set this manually or this has been done by your administrator you can ignore this.
[Warsow]
Product=Warsow
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware adds itself under the unsuspecting name "startkey" to the systemstart. It runs without user consent.
[PWS.Qqgame]
Product=PWS.Qqgame
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to belong to Windows
Privacy=
Description=Disguises as likely parts of Windows and downloads other trojan horses and malware without user consent and installs them.
Functionality=security settings for the Internet Explorer
Privacy=
Description=Security settings for the Internet Explorer can be changed by malware.%0D%0ASome of the settings can also be changed by security software. In case you have additional security softwre installed, make sure that it is working properly.%0D%0A%0D%0A
[Zonemap.Domains]
Product=Zonemap.Domains
Company=
Threat=SecurityRisk
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Zonemap domains are responsible for the website restrictions within the Internet Explorer%0D%0ABad websites should only be added to the restricted zones, so they cannot execute any scripts.
Privacy=
Description=These entries are being flagged because malicious websites have been added to other zones than the restricted one.
[IMG.WMF]
Product=IMG.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a picture
Privacy=
Description=Executive hidden in WMF, using the WMF exploit to enter the computer.
[ICS.WMF]
Product=ICS.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a picture
Privacy=
Description=This Trojan uses the WMF exploit on unpatched Windows computers to execute itself. It then connects to the internet in background and downlods additional files without user consent.
[Search-Daily]
Product=Search-Daily
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a search website
Privacy=
Description=Redirects the browser to its own useless search site.%0D%0AMay also redirect to other more useful search sites.%0D%0ASearch-Daily has no Terms of use or a privacy policy.%0D%0AIt also hides its whois database entries, which is not valid for legal companies.
[STR.WMF]
Product=STR.WMF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a picture
Privacy=
Description=This trojan horse uses the WMF exploit to get executed by opening it on an unpatched Windows computer.%0D%0AIt connects to the internet in background and downloads and executes an exe file which will then use about 100% of the cputime.
[Trojan.Proxy.Agent]
Product=Trojan.Proxy.Agent
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Microsoft file or picture
Privacy=
Description=This trojan horse uses the WMF exploit to enter the computer on unpatched Windowssystems.%0D%0AIt pretends to be a Microsoft file.
[Backdoor.Win32.SDBot.gen]
Product=Backdoor.Win32.SDBot.gen
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file creates registry entries and changes security settings of the system.
[Win32.Delf.aml]
Product=Win32.Delf.aml
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file launches the Internet explorer in background and installs a BHO without user consent or even the users notice.
[Win32.Small.dqt]
Product=Win32.Small.dqt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file runs in background and establishes a TCP/IP connection with a remote address on port 1039.
[Win32.Small.aqy]
Product=Win32.Small.aqy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file deletes itself but launches svchost.exe, which connects to the internet and establishes a TCP/IP connection.
[Win32.Small.ddx]
Product=Win32.Small.ddx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The .dll file connects to the Internet in background and installs files into the system32 directory which also runs in background. These files interact regularly with several websites.
[Zlob.strCodec]
Product=Zlob.strCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Isponer]
Product=Isponer
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Isponer installs itself on the computer and hijackes the startpage of the Internet Explorer to a chinese searchpage.
[LocatorBar]
Product=LocatorBar
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LocatorBar installs a toolbar into the Internet Explorer and hijackes your Internet Explorer to a dubious searchpage. There is no way to uninstall the toolbar on a usual way.
[NSIS Media Extension]
Product=NSIS Media Extension
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NSIS Media Extension installs in a hidden process on the computer and creates a lot of pop ups when the user is surving the internet.
[Rukap.DN]
Product=Rukap.DN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Rukap.DN copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server it waits for new orders to spy out the user
[Zlob.HQvideo]
Product=Zlob.HQvideo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This variant also changes the dhcp name server.
[WMF Exploit]
Product=WMF Exploit
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a picture
Privacy=
Description=Trojan horses embedded in WMF picture files that get executed on unpatched Windows Systems.
[Downloader.Adload.aa]
Product=Downloader.Adload.aa
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed the file downloads and starts many spyware/adware/malware products from various sites. Downloaded products are e.g. Command Service, Tsupdate, Look2me, Network Monitor, Smitfraud-C., Targetsaver, UCmore...
[WarezP2P]
Product=WarezP2P
Company=Neoteric Ltd
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a peer to peer software that is bundled with new.net and nothing else.
Privacy=
Description=In fact the software does not work at all, and new.net is not the only other software that gets installed. While new.net is shown during installation, the malware swizzor is not.%0D%0AVarious other executive files are installed and run in background and systemstart without user consent. Those files also run the Internet Explorer 2 times in background and restart it via a hook to the Explorer if the Internet Explorer processes are disabled.
[iPhox]
Product=iPhox
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Appears to be a valid IP-phone application, compareable to Skype
Privacy=
Description=Link to privacy shows a 404 error although the website works fine and the EULA is delivered with the application --> intentionally no Privacy Policy statement.%0D%0AAlso gets advertised via trojan horses like WarezP2P.
[PurityScan.Q]
Product=PurityScan.Q
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some updater for a not named application
Privacy=
Description=The updater does not look for a software to be updated, it just scans Windows for its libraries that allows access to the internet. Since the updater does not belong to Microsoft and obviously does not belong to any other legal software and has internet access capabilities, it is categorized as a trojan horse that poses as an updater.
[Kelvir]
Product=Kelvir
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Opens MS Windows Messenger and sends a message to the entire buddy list. The message contains a link to a picture which contains a virus. Please don't open this picture.
[Nurech.D]
Product=Nurech.D
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Nurech.D copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected to a server he waits for new orders to spy on the user┤s habits.
[Win32.Ezula.cc]
Product=Win32.Ezula.cc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Win32.Ezula.cc copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected to a server he waits for new orders to spy on the user┤s habbits.
[Win32.TrafficSol.c]
Product=Win32.TrafficSol.c
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.TrafficSol.c installs itself into the system directory and tries to connect to the internet. When it is connected it produces several annoying pop ups when the user is browsing the web.
[TagASaurus]
Product=TagASaurus
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TagASaurus installs itself into the windows directory and tries to connect to the internet. When it is connected it produces several annoying pop ups when the user is browsing the web.
[Win32.Agent.ag]
Product=Win32.Agent.ag
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ag installs itself into the system directory and tries to connect to the internet. When it is connected it produces several annoying pop ups when the user is browsing the web.
[Win32.Agent.aaf]
Product=Win32.Agent.aaf
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aaf installs itself into the system directory and tries to connect to the internet. When it is connected it produces several annoying pop ups when the user is browsing the web.
[Zlob.XpassGenerator]
Product=Zlob.XpassGenerator
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a password generator for third-party website passwords
Privacy=
Description=Like most applications affiliated with Zlob the stated function is not available. To avoid detection by anti-malware-scanners, the installer files get changed frequently.
[Zlob.iMediaCodec]
Product=Zlob.iMediaCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.Busky.AZ]
Product=Win32.Busky.AZ
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Win32.Busky.AZ installs a BHO without user consent and devourses a lot of system resources slowing the computer down.
[Adware.Webext]
Product=Adware.Webext
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Adware.Webext copies itself into the system directory and tries to connect to the internet. When it is connected to a server it displays advertisements based on keywords entered in Internet Explorer.
[Win32.Agent.hl]
Product=Win32.Agent.hl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.hl installs itself into the system directory and tries to connect to the internet. When it is connected it produces several annoying pop ups when the user is browsing the web.
[Zlob.Mediacodec]
Product=Zlob.Mediacodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Delf.LH]
Product=Delf.LH
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed it creates a BHO without user consent and uses the legal Classid of the MSN-Toolbar to fraud the user. It also connects to the internet, tries to downoad files and creates files in the user┤s temporary folder.
[MDMSpy]
Product=MDMSpy
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed the file copies itself into the System32 directory and deletes the original file. It changes settings in the registry. Keystrokes, visited internet pages and opened files are stored in a file.
[TelekomBill.Fake]
Product=TelekomBill.Fake
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It is spread by email and looks like a very expensive telekom bill delivered as pdf file. But it is an executable file. Once executed it connects without user consent to the internet and tries to download different files. It creates files and one copy of itself in the system directory, creates autorun entries to be loaded on every windows start. Some settings are added to the registry.
[Smitfraud-C.SpamThru]
Product=Smitfraud-C.SpamThru
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This Trojan enters itself as Explorer with a four digit number in system start, thus posing as some part of the Explorer
Privacy=
Description=This trojan horse runs in background and connects to a remote server, bypassing the Windows firewall. It can take orders from the remote server to download a pirate copy of Kaspersky Antivirus to uninstall other malware than itself, it will also hijack the hosts file to block the servers from antivirus vendors.
[PSW.Lineage.TW]
Product=PSW.Lineage.TW
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to be a Windows systemfile
Privacy=
Description=This trojan horse pretends to be the svchost.exe. It runs hidden and installs a library in background which references a tawainese yahoo.com login website. It appears that the trojan horse is made to spy on taiwanese yahoo login data.
[MediaMotor.IEMonitor]
Product=MediaMotor.IEMonitor
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed it copies iself in the Windows directory without user consent and creates autorun entries to be loaded on every Windows start. It changes some parts of the registry.
[Win32.Small-2854]
Product=Win32.Small-2854
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed it downloads files from the internet without user consent. It creates a service and also an autorun entry to be loaded on every Windows startup. This autorun entry and two files in the Windows directory are hidden from the Windows API, so the user won┤t see the files. %0D%0AAdditional removing instructions: Reboot Windows in safe mode and run Spybot - Search & Destroy to remove the threat completely.
[XPreload]
Product=XPreload
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If executed this trojan horse will run in background and download various other malware.
[SearchClickAds]
Product=SearchClickAds
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Pretends to be a system configuration tool
Privacy=
Description=Adds itself as browser helper objekt (BHO) to the Internet Explorer to start automatically if the IE is started. It connects to the internet in background, installs itself without user consent and causes popups and error messages.%0D%0AMay be installed by other trojan horses.
[PSCastor]
Product=PSCastor
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PSCastor sneaks into the system via a trojan horse. It does not ask for any permission and runs in background in multiple instances.
[Batty]
Product=Batty
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Batty gets onto your system via a trojan horse, installs itself without any permission and runs in background. Together with other malware it causes the system to slow down , shows multiple popups and error messages. The computer may not be responsive anymore.
[BannerRotator]
Product=BannerRotator
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BannerRotator installs itself via a trojan horse without any permission. It runs in background and hooks itself to the Internet Explorer. It also starts the Internet Explorer in background multiple times and causes popups. Together with other malware it may cause the computer to be unresponsive to user┤s command.
[CMFibula]
Product=CMFibula
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CMFibula installs itself without permission in background via a trojan horse. Together with other malware it runs in background and causes the computer to run out of resources. It may also be responsible for various error messages and popups.
[Zelda]
Product=Zelda
Company=
Threat=Malware
CompanyURL=DINKUMWARE Ltd.
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Zelda is a browser helper object (BHO) displaying ads from its host when visiting a new page. Zelda updates itself automatically and, controlled by its host, it can also download and execute software.
[DuDuAccelerator]
Product=DuDuAccelerator
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DuDuAccelerator displays popup ads and monitors user's internet activities.
[DeepDive]
Product=DeepDive
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs an browser helper object (BHO) into the Internet Explorer without giving the user a possibility to cancel that process. Also load CoolWWWSearch.OleHelp
[DriveCleaner 2006]
Product=DriveCleaner 2006
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Pretends to be a registry cleanup utility
Privacy=
Description=DriveCleaner 2006 is spread by a trojan horse and pretends to be a registry cleanup utility. If you scan your computer with DriveCleaner 2006 it may display hundreds of threats, which should get fixed by the user. But when you try to fix these problems, you have to purchase a licence.
[FirePass.E]
Product=FirePass.E
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan FirePass.E copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected to a server he waits for new orders to spy on the user┤s habbits.
[Win32.Agent.uj]
Product=Win32.Agent.uj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Win32.Agent.uj copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected to a server he waits for new orders to spy on the user┤s habbits.
[Win32.Bagle.N]
Product=Win32.Bagle.N
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bagle.N copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Win32.Sdbot.aad]
Product=Win32.SdBot.aad
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Win32.SdBot.aad copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected to a server he waits for new orders to spy on the user┤s habbits.
[Zlob.PornPassManager]
Product=Zlob.PornPassManager
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.VideoKeyCodec]
Product=Zlob.VideoKeyCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[AdCom]
Product=AdCom
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Website appears to be not properly working, but the AdCom installer is available.%0D%0AAdCom installs as an advertising module and shows advertising within the Internet Explorer on alle webpages, even locally stored ones. It also enters some nonesense into the win.ini.%0D%0AThere is no information nor EULA or Privacy Policy stated by the distributor.
[BugsPrey]
Product=BugsPrey
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan client-application. Performs remote scans and creates an Internet connection.
[Creazione]
Product=Creazione
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Creazione establishes connections to a toll number without the user's knowledge or permission.
[PassiveTerror]
Product=PassiveTerror
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads files from a remote host to user┤s PC wihtout consent.
Description=SaferSurfing copies itself into the system directory and installs a BHO without permission.
[WebQuick]
Product=WebQuick
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WebQuick copies itself into the system directory and install a BHO without permission. Forces Windows to restart.
[AntiverminsPro]
Product=AntiverminsPro
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Antivermins claims to be a antivirus solution. It is spread by aggressive advertisement and if the user starts a scan it only pretends to be scanning.
[AdvancedKeylogger]
Product=AdvancedKeylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdvancedKeylogger gets installed into the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this.
[Razespyware]
Product=Razespyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Razespyware is supposed to be an antivirus program.
Privacy=
Description=Razespyware claims to be an antivirus program. It is often combintated with an infection of Smitfraud-C. %0D%0AIt is heavily advertised by popups generated by Smitfraud-C., these popups include misleading messages, to make the user buy Razespyware
[Win32.Limar]
Product=Win32.Limar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Limar copies itself into the system directory of the operating system and tries to connect to the internet. Thereafter it waits for new orders to harm the computer.
[Win32.VB.aua]
Product=Win32.VB.aua
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.aua copies itself into the system directory of the operating system and tries to connect to the internet. Thereafter it waits for new orders to harm the computer.
[Zlob.MMediaCodec]
Product=Zlob.MMediaCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.IVideoCodec]
Product=Zlob.IVideoCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Busky.Gen]
Product=Busky.Gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file installs BHOs and creates some Registry and Autorun entries. The BHOs try to connect to intercage.com on IE-Startup.
[Win32.Small.doh]
Product=Win32.Small.doh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file establishes a TCP connection to a remote server without user consent and keeps on listening.
[Clicker.Small.Jf]
Product=Clicker.Small.Jf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a wallpaper
Privacy=
Description=This trojan horse gets installed in background and disguises as a trojan horse. It operates with other malware and trojan horses to compromise the computer┤s security, to download additional malware and to display popups.
[Downloader.Small.Dgk]
Product=Downloader.Small.Dgk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a part of the kernel
Privacy=
Description=This trojan horse gets installed in background by other trojan horses. It pretends to be a part of the Windows kernel and works with other malware and trojans to compromise the system security and to download additional malware and trojan horses.
[Smitfraud-C.Deskbar]
Product=Smitfraud-C.Deskbar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a deskbar
Privacy=
Description=This deskbar is a part of the Smitfraud-C. malware, which gets installed in background and helps other malware and trojans to promote malicious security software, to compromise system security and shows popups.
[CoolWWWSearch.GonnaSearch]
Product=CoolWWWSearch.GonnaSearch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a browser helper object with search functions for the Internet Explorer
Privacy=
Description=This trojan horse gets installed in background, it runs in various deceptive form in background, allows other malware and trojans to enter the computer and promotes malicious security software.
[Zlob.FreeVideo.DVDCodec]
Product=Zlob.FreeVideo.DVDCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[NetTechnology.Inc]
Product=NetTechnology.Inc
Company=NetTechnology.Inc
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It dials up a toll number and replaces the default dial up connection by a toll number.
[ISearchTech.ISTbar]
Product=ISearchTech.ISTbar
Company=ISearch Technologies
Threat=Malware
CompanyURL=http://isearchtech.com/
CompanyProductURL=http://www.ysbweb.com
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs a IE-toolbar without user consent which links to porn and other adult content pages. It also downloads other products of ISearch Technologies. After installation it connects to a malicious website and executes a script on that server. Often it could be found in cracks for games etc.
[Tradedoubler]
Product=Cookie
Company=Tradedoubler
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Uses information about your web surfing that could include any information, like accounts and passwords.
[AzoogleAds]
Product=Cookie
Company=AzoogleAds
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[AffiliateFuel]
Product=Cookie
Company=AffiliateFuel
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Clickbank]
Product=Cookie
Company=Clickbank
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[AdRevolver]
Product=Cookie
Company=AdRevolver
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Uses information about your web surfing that could include any information, like accounts and passwords.
[BlueStreak]
Product=Cookie
Company=BlueStreak
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Matchcraft]
Product=Cookie
Company=Matchcraft
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Zedo]
Product=Cookie
Company=Zedo
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Intellitracker]
Product=Cookie
Company=Intellitracker
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Mediaplex]
Product=Cookie
Company=Mediaplex
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Omniture]
Product=Cookie
Company=Omniture
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[Statcounter]
Product=Cookie
Company=Statcounter
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy="StatCounter.com respects the privacy and rights of its visitors. No effort is made to identify individuals without their knowledge.%0D%0A%0D%0A * When a visitor requests pages from the StatCounter.com site, our Web servers automatically log the browser's domain name, and IP address. This information is collected solely for statistical purposes and is not used to identify individuals.%0D%0A * To enable StatCounter.com to track your unique visitors we send a cookie to your visitors' computer. This information is collected solely to improve the service we offer to you and statistical purposes and is not used to identify individuals.%0D%0A * StatCounter.com maintains a strict "no-spam" policy. Your e-mail address will not be sold to a third party.%0D%0A"%0D%0A%0D%0A"Unique Visitor%0D%0A%0D%0AWhat is a unique visitor? A unique visitor at StatCounter is based purely on a cookie. You can specify your visitor session length from 30 mins up to one week. Basically the first time someone visits your website they are considered a unique visitor. Then a tiny cookie with no personally identifiable information (just your project id and a simple variable) is created.%0D%0A%0D%0AIf that visitor session stays active, by them visiting your website again and again before the session time expires then they won't be counted as a unique visitor again. But if the session time has expired, they are counted as a unique visitor again and a new session is created. And it starts all over again."
Description=Uses information about your web surfing that could include personal information like the IP address. This information is used to track unique users through websites using statcounter. Statcounter states that the webmaster can adjust the time to live of the tracking cookie from 30min to on week, while years are also possible.
[Zanox]
Product=Cookie
Company=Zanox
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=
[WebTrends live]
Product=Cookie
Company=WebTrends live
Threat=Tracking cookie or cookie of tracking site.
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Uses information about your web surfing that could include any information, like accounts and passwords.
[SpySheriff]
Product=SpySheriff
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software
Privacy=
Description=This malware pretends to be a valid antispyware solution. But it only exaggerates the results, and also shows intentional false positives to make the user pay for the full version, which is heavily advertised by the Smitfraud-C. malware. Usually a trial version of SpySheriff gets installed without user consent along with other malware like Smitfraud-C.
[Adir.Wget]
Product=Adir.Wget
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to be wget
Privacy=
Description=This trojan horse gets installed with other trojans and malware. It connects to a russian IP-address in background and pretends to be wget 3.0. It also adds itself to the system start and authorizes itself for the Windows Firewall
[Adware.IEPageHelper]
Product=Adware.IEPageHelper
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legal browser helper object (BHO) for the Internet Explorer
Privacy=
Description=This BHO gets installed along with other malware such as Smitfraud-C., it does not ask for any permission and apparently has no usefull function for the user
[ClickConsulting]
Product=ClickConsulting
Company=Click Consulting ltd.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legal browser helper object (BHO) for the Internet Explorer
Privacy=
Description=It gets installed in background without any permission and comes along other malware. It references a porn website.
[CoolWWWSearch.Dreplace]
Product=CoolWWWSearch.Dreplace
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects it┤s searches and/or homepage to CoolWWWSearch websites, which harbor other malware or fraudware
[CoolWWWSearch.Leftovers]
Product=CoolWWWSearch.Leftovers
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects it┤s searches and/or homepage to CoolWWWSearch websites, which harbor other malware or fraudware. ToolbarCC appears to be a part of this hijacker.
[Zippy]
Product=Zippy
Company=Masterly International
Threat=Adware
CompanyURL=http://www.zippy-Lookup.com/
CompanyProductURL=http://www.zippy-lookup.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Zippy floods the registry with entries and causes several porn pop-ups.
[MovieLand]
Product=MovieLand
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MovieLand gets installed automatically without user consent and tries to connect to a malicious website. On these website a lot of porn stuff is offered and if the user tries to download it he has to purchase an annual licence
[Dadobra]
Product=Dadobra
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Dadobra copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. The trojan creates a fake autorun entry called "AVG Antivirus" so it is very difficult to recognize it.
[HotsearchBar]
Product=HotsearchBar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed it establishes a connection to the internet without user consent. I.e. it connects to mainstreamdollars.com and toolbar.trafficgeneration.biz. It downloads many other malware like AbetterInternet. Many files are stored in the user┤s system directory and temporary folder.
[Dropper.ragger]
Product=Dropper.ragger
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed it creates files and a folder in the temporary folder and executes the files without user consent. Additionally an autorun entry is created so that the created folder will be deleted on next windows start. A TCP connection is established to communicate with the internet.
[GJeans30]
Product=GJeans30
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads well known malicious software like TagASaurus, DriveCleaner etc.
[RegiFast]
Product=RegiFast
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=RegiFast Software
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs program in "DegiFast"-Directory without the user's consent.%0D%0A%0D%0A
[PSLister]
Product=PSLister
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan starts up automatically and copies exe-files into the windows directory. It also downloads other objects (PSCastor, MediaMotor, SexList, YazzleSudoku etc.) without giving the user a possibility to stop this process.
[Zlob.TrueCodec]
Product=Zlob.TrueCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Zlob.QualityCodec]
Product=Zlob.QualityCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Zlob.EliteCodec]
Product=Zlob.EliteCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Intexp.D]
Company=Intexp.D
Product=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Intexp.D creates several entries in the registry and so is started automatically with system startup. When the user tries to connect to the internet the trojan tries to connect to a server and waits for new orders to harm the computer.
Description=Trojan that has been build with Trojan NuclearWinter and tries to connect to malicious websites.
[Xpehbam]
Product=Xpehbam
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to connect to an expensive website via modem.
[Tech-Productions]
Product=HPatch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user.
[Sdbot-HB]
Product=Sdbot-HB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Each time the Trojan runs it attempts to connect to a remote IRC server and join a specific channel. The Trojan then runs continuously in the background listening on the channel for commands to execute
[KeySpy]
Product=KeySpy
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program is a classical keylogger - it logs every single keystroke in a file named after the date (e.g. 18_10_2006.dat). This file can be viewed as a simple text file.
[Moncher]
Product=Winhlp
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to spy on the user
[AV Devil 2]
Product=AV Devil 2
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=New version of AV Devil. AV Devil is a program that disables your firewall and/or your anti virus software.
[DSplit]
Product=DSplit
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DSplit is a malware tool made to manipulate files.
[Piscopo]
Product=
Company=Piscopo
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Establishes an expensive connection to a server on the Cayman Islands (EUR 1,49/min).
Description=This dialer establishes an expensive connection to a 0190-number (Ç 29,95/call)
[SennaSpyTools]
Product=Senna
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This tool allows the user to create a trojan in a very simple way.
[AV Devil]
Product=AV Devil
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AV Devil is a program that disables your firewall and/or your anti virus software.
[Tequila Bandita]
Product=Tequila Bandita
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This tool allows the user to create a trojan in a very simple way.
[Plog 1.1]
Product=Plog 1.1
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Plog 1.1 records all keystrokes without user consent.
[Omega II]
Product=Omega II
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Omega II is a tool to build up a server for a trojan.
[BestToolBars]
Product=BestToolBars
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=BestToolBars is a toolbar for the Internet Explorer(IE) that claims to give free access to pictures, online games etc.
Privacy=
Description=This toolbar refreshes IE every second making normal surfing impossible and causing traffic all the time.
[Fizzlebar]
Product=Fizzlebar
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A dangerous toolbar in Internet Explorer which tries to spy out the users surfing behaviour.
[Padodo-P]
Product=Padodo-P
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Padodo is a trojan spreading via spam mails. These emails are sent with sender "Rechnung-Online@telekom.de" and they claim that the telephone bills were attached. When the attachments are executed the trojan installs in the Windows folder under the name "csrss.exe" (attention: this is NOT the original Windows file "csrss.exe" in the system32 folder!) and opens ports thus making the computer vulnerable to attacks from the internet.
[Unisearch]
Product=Unisearch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Unisearch tries to connect to www.uni--search, sets this page as start page in IE and hides itself in the System32 folder. In addition it creates an autorun entry named svchost.exe that establishes the connection to www.uni--search on each Windows startup.
[WinsoX]
Product=WinsoX
Company=
Threat=Trojans
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of spyware sends information about the user's surfing habits to its host.
[Newspopupper]
Product=Newspopupper
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Newspopupper tries to hijack the startpage of Internet Explorer.
[Fake.Wget]
Product=Fake.Wget
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a trojan that is often installed with small "fun programs". In this case there is a small capricorn hopping across the desktop - it is run on each system startup and cannot be closed.
[AV-Killer]
Product=AV-Killer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AV-Killer checks the system for anti virus programs and tries to close/remove these.
[Nethacker]
Product=Nethacker
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A program designed to hack SQL servers.
[Apphunter]
Product=Apphunter
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Apphunter starts on Windows startup, causes popups and uses resources. In addition it allows other users to spy on passwords.
[Catal]
Product=Catal
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=After being executed the program downloads several files from the internet, that are run on each Windows startup and create popups.
[DarpMeter]
Product=Darpmeter
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Darpmeter is running in the background all the time using the system's resources. It is run without user consent.
[MBKW-Bar]
Company=
Product=MBKW-Bar
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker installs an IE toolbar without user consent. It creates several registry entries and slows down the PC noticeably.
[Medload]
Product=Medload
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware is run on each system startup creating miscellaneous popups.
[Startpage-AP]
Company=
Product=Startpage-AP
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware installs itself without the user taking note of it - in consequence it will be run on each system startup causing nasty pop-ups.
[GrokLoader]
Product=GrokLoader
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware downloads several files from the internet which are run on each system startup enabling an attack on the computer. It runs without any user consent.
[UnoSearch]
Product=UnoSearch
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=UnoSearch installs itself to the System32 folder, changes the IE start page and redirects sites to an unwanted search page.
[EffectiveBandToolbar]
Product=EffectiveBandToolbar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware hijacks IE. It sets the start page to about:blank, but redirects to a dubious search engine. In addition to this it bombards the user with popups making normal internet surfing impossible.
[MyToolBar]
Product=MyToolBar
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker installs an IE toolbar without user consent and redirects the start page to its own website. At the same time it asks the user again and again to install the korean character set. In addition to this it installs numerous files into the System32 folder.
[IRC-Worm 1.4]
Product=IRC-Worm 1.4
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A program to generate IRC viruses.
[Switp]
Product=Switp
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program is run on each system startup and connects to a server without user consent, thus making the computer vulnerable.
[NeedEdware]
Product=NeedEdware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program installs itself into the System32 folder against the user's will and runs on each system startup trying to connect to a server.
[Ettray]
Product=Ettray
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This piece of malware is started on system startup and tries to hamper security tools making the PC more vulnerable.
[AV-Gold]
Product=AV-Gold
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=AV Gold claims to be a virus scanner.
Privacy=
Description=As soon as the system is infected with AV-Gold, a red symbol and a balloon come up next to the system clock asking the user to scan his computer for viruses. Clicking on this symbol leads to a dubious web site offering a "free scan". After downloading the program it finds alleged viruses (hookdump) which get installed by AV-Gold and asks the user to remove those. Of course, this is only possible after purchasing the program for $20.
[Cashsaver]
Product=Cashsaver
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program maintains some perpetual connections to the internet and downloads many files to the System32 folder. This makes normal web surfing almost impossible and makes the computer vulnerable for attacks.%0D%0AThere is of course no user consent.
[Simplenter]
Product=Simplenter
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program hijacks the startpage of Internet Explorer.%0D%0A
[PSGuard]
Product=PSGuard
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PSGuard seems to be in close relation to Smitfraud-C. It is installed together with Smitfraud-C. and pretends to be an antivirus solution. Scanning with PSGuard will return some viruses found (previously installed by PSGuard) but the user cannot remove them without buying the full version for about EUR 20. As PSGuard is often installed with Smitfraud C against the user's will, full alertness is essential.
[RealDownloadExpress]
Product=RealDownloadExpress
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=RealDownloadExpress is a download manager.
Privacy=
Description=This download manager collects and circulates information about the surfing and downloading habits of the user. It does also send the user's IP address with this information.
[NWS-Search]
Product=NWS-Search
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker changes the IE start page to a dubious search engine and displays porn popups every now and then.
[Windows Security Center.TaskManager]
Product=Windows Security Center.TaskManager
Company=
Threat=Changed Security Center Settings
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Windows task manager can be disabled and/or get hidden. There is normally no way within the common Windows user interface to revert this.%0D%0ASome malware ist capable of tempering the task manager. If for some reason you or your administrator disabled or hid the taskmanager you can ignore this.
[Spyware Cleaner]
Product=Spyware Cleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Spyware Cleaner pretends to be valid antispy software.
Privacy=
Description=When Spyware Cleaner is installed on the computer it finds a lot of malware (that does not really exit) and that can only be removed after buying a licence
[SpyTrooper]
Product=SpyTrooper
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SpyTrooper pretends to be an antivirus software.
Privacy=
Description=SpyTrooper seems to be in close relation to Smitfraud-C. It is installed together with Smitfraud-C. and pretends to be an antivirus solution. Scanning with SpyTrooper will return some viruses found (previously installed by SpyTrooper) but the user cannot remove them without purchasing the full version for about EUR 20. As SpyTrooper is often installed with Smitfraud-C. against the user's will, full alertness is essential.
[FatPickle]
Product=FatPickle
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fatpickle installs a toolbar against the user's will. It changes the start page and infects the computer with some other malevolent products.
[GoldenKeylogger]
Product=GoldenKeylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GoldeneyeKeylogger gets started with system startup and runs in the background of the system. It records all keystrokes and tries to spy on the user┤s system.
[CramToolbar]
Product=CramToolbar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The CramToolbar installs itself without user consent when visiting certain dubious websites.The start page is redirected to a porn site and normal internet surfing is almost impossible.
[SpywareBomber]
Product=SpywareBomber
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=SpywareBomber pretends to be a valid antispyware software.
Privacy=
Description=SpywareBomber gets installed on the computer without user consent. When it is installed on the computer it finds a lot of malware (that does not really exist) and that only can be removed by purchasing a licence.
[Phoenix]
Product=Phoenix
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program installs a keylogger which records all keystrokes of the user without his consent.
[Registry Cleaner 32]
Product=Registry Cleaner 32
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program is advertising through the windows messenger service and prooves to be a program that cleans up the registry. The scan finds some problems that can only be fixed after purchasing a licence.
[Repair Registry Pro]
Product=Repair Registry Pro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program is advertising through the windows messenger service and prooves to be a program that cleans up the registry. The scan finds some problems that can only be fixed after purchasing a licence.
[Accoona]
Product=Accoona
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This program installs an IE toolbar and changes the start page without user consent. During installation there is no possibility to choose a directory, the program does not have a visible uninstaller. Executing the installer manually removes the toolbar, but some files will not be removed.%0D%0AThe toolbar is supposed to work like a search engine. And it in fact does find some good results but as soon as the user clicks on a link it connects to another URL for a short time before it finally goes to the desired page.
[Cesmo]
Product=Cesmo
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program comes in disguise with the logo of Windows Media Player and as soon as it is run, it shows several asian porn pages in the Internet Explorer.
[SearchEssistantBar]
Product=SearchEssistantBar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a dangerous toolbar in Internet Explorer
[YourSoft-AntiVT]
Product=YourSoft-AntiVT
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=YourSoft-AntiVT claims to be an antivirus solution. If it is installed on the computer it tells that it found a virus on the system even if the computer was not scanned and is totally clean. If the user wants to fix the problems or if he wants to scan his system he has to purchase a licence.
[YourSoft-AntiVS]
Product=YourSoft-AntiVS
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=YourSoft-AntiVS claims to be an antivirus solution. When it is installed on the computer it tells that it found a virus on the system even if the computer was not scanned and is totally clean. If the user wants to fix the problems or if he wants to scan his system he has to purchase a licence.
[Adware-Remover]
Product=Adware-Remover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Adware-Remover claims to be an antivirus solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. If the user wants to fix these problems, he has to purchase a licence.
[BackOrifice2k]
Product=BackOfrice
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor on the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[BackOrifice.B]
Product=BackOfrice
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to open a backdoor on the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[SpyHunter]
Product=SpyHunter
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyHunter claims to be an antivirus solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a license.
[Absolutee.PornoHome]
Product=Absolutee.PornoHome
Company=Absolutee Corp Ltd.
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Executive is named to look like a harmless application like Winzip.
Privacy=
Description=Once executed this hijacker runs in background and starts the Internet Explorer in two instances. One instance connects to a pornwebsite, while the other runs in background.%0D%0AThe executable file is usually downloaded by trojans.
[ISearchTech.YSB]
Product=ISearchTech.YSB
Company=ISearch Technologies
Threat=Malware
CompanyURL=http://isearchtech.com/
CompanyProductURL=http://www.ysbweb.com
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs a IE-toolbar without user consent which links to porn and other adult content pages. It also downloads other products of ISearch Technologies. After installation it connects to ysbweb.com.
[Zlob.PerfectCodec]
Product=Zlob.PerfectCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.Pakes]
Product=Win32.Pakes
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Pakes copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Stration.C]
Product=Stration.C
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Stration.C copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Tibs.id]
Product=Tibs.id
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tibs.id copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Zlob.VideoCompressionCodec]
Product=Zlob.VideoCompressionCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.Small.na]
Product=Win32.Small.na
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.na copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Clicker]
Product=Win32.Clicker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads well known malicious software like CoolWWWSearch.GonnaSearch, Deskwizz, Smitfraud-C. etc.
[TrojanNotifier.Win32.Kipnot]
Product=TrojanNotifier.Win32.Kipnot
Company=Fethy
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=no description
Privacy=not stated
Description=Kriminal IP Notification is one of the aliases for this product.%0D%0AThe original file name is mail2.exe%0D%0AThe product can be set to send automatically and masked.%0D%0AIt reports the host IP address.
Functionality=EMusic promises a free trial to download mp3 music.
Privacy=Information We Collect %0D%0AWe collect information about you when you visit and use our site and services (collectively, the "Site"), and particularly when you enter or input information, whether during the course of entering, initiating, fulfilling and transmitting information or otherwise in connection with your general activities and/or use of the Site. You can visit the Site and learn about eMusic, our related products and services, and find out how to contact us without giving us any personally identifiable information. %0D%0A%0D%0AWe collect personally identifiable information from you in a variety of contexts. For example, you may be required to provide such information to us if you: (1) complete an online registration form (e.g., various sign-up forms for receiving email newsletters, registering for special offers, promotions or programs, registering for an account, entering a contest/sweepstakes or responding to a survey); (2) fill out an order form to request information; (3) register to participate in message boards and chat rooms (if any) and other community features; or (4) purchase any products or services from us or any other Dimensional businesses. Such information may include your name, email address, mailing address and zip code, phone number, and, where appropriate, a valid credit card number with expiration date. Of course, you never have to answer any of the questions we ask you (nor choose to view or listen to any multimedia content or otherwise interact with our Site), but refusal to do so may limit the products or services we can offer or provide to you. %0D%0A%0D%0AWe automatically track certain information based upon your use of the Site. We use this information on an aggregated basis to conduct internal research on our users' demographics, interests, and preferences, and to improve the Site and user experience. This information may include the URL that you just came from (whether this URL is on the Site or not), which URL you next go to (whether this URL is on the Site or not), your computer browser information, and your IP address. %0D%0A%0D%0AWe use data collection devices such as "cookies" (small text files that are placed on your computer's hard drive for record-keeping purposes) to assist us in providing our services. Cookies make using the Site easier by, among other things, saving your passwords and preferences for you, helping identify you whenever you return to our Site, and reducing the number of times you are required to enter your password during a session. Cookies can also help us provide information that is targeted toward your interests and preferences. Most Internet browsers are initially set up to accept cookies. However, you can reset your browser to refuse all cookies or to alert you when a cookie is being sent (note: you may need to consult your browser's "Help" area for instructions on how to do that). If you choose to disable your cookies setting or refuse to accept a cookie, you may not be able to use certain features on the Site and you may be required to reenter your password more frequently during a session. %0D%0A%0D%0AIf you choose to post messages to our message boards, chat rooms or other message areas or leave feedback for other users, we will collect that information you provide to us. We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems, and as otherwise permitted by law. %0D%0A%0D%0AIf you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Site, we may collect such information into a file specific to you. %0D%0A%0D%0AOur Use of Your Information %0D%0AWe use your information to facilitate the provision of services you request. When you purchase products or services from eMusic, we will use your personally identifiable information to process and fulfill your order and for customer service purposes. Many online customers are particularly concerned about their credit card information, which we will share only as required by companies involved in your transaction (e.g., fulfillment, billing, mailing, storage or delivery services). We will not share your credit card information with any other Dimensional company or third party unless that company needs the number for the fulfillment or delivery of your order. We do not rent, sell or share credit card information with promotional partners or other third parties. %0D%0A%0D%0AWe may also use the information we collect about you to analyze Site usage, improve our content and product offerings, customize the Site's content, layout, and services, update you about our products or services, or to contact you about exciting offers of new products or services that we believe may be of interest to you. You always have the option to receive fewer or no communications in the future from us by opting out. You may opt out by following the instructions included in the specific communication you no longer wish to receive or by sending an email at any time to service@emusic.com and explaining how you would like to modify your preferences. %0D%0A%0D%0AOur Disclosure of Your Information %0D%0AWe may make your information available to others: %0D%0AWho provide information, products, goods or services that you have requested via the Site; %0D%0AWhen we have retained companies to work with or on behalf of eMusic to facilitate our operations and the products and services we provide to you (such companies are contractually obligated to maintain the confidentiality of your information and are restricted from using the same in any way not expressly authorized by eMusic); %0D%0AWhen you use co-branded services - in which case you are giving us permission to pass any information you provide in the context of our co-branding and marketing relationship, back to our co-branding partner. Their use of your information is subject to their own privacy policies; %0D%0AWhen we are legally compelled to do so by a governmental agency, court or other entity (e.g., to respond to subpoenas, court orders or legal process); %0D%0AIf we believe such disclosure is necessary to comply with any applicable laws or regulations, to enforce or apply the terms of our Subscription Agreement or any of our terms and conditions and policies relating to promotions, programs, product offerings or any other features or functions of the Site, or to protect and/or defend the rights, property or safety of eMusic, its suppliers, advertisers, other customers or users, or any other party; %0D%0AWho are Dimensional affiliates, subsidiaries or joint ventures; %0D%0AWho are trusted third parties (e.g., promotional partners and advertisers) so that they can promote their products and services and those of their affiliates and partners based on your preferences and interests. You may "opt out" of such disclosure(s) to the extent they include your personally identifiable information by sending an email at any time to service@emusic.com indicating your intent to do so. If you consent to share your personally identifiable information with such trusted third parties, their use of such information is subject to their own privacy policies; %0D%0AWho are users of the Site solely to the extent you choose to make such information publicly available by posting it to your profile in connection with our "eMusic Neighbors" program or via our message boards, content reviews & ratings, or other eMusic community services; and/or %0D%0AIn the event of a bankruptcy, or a merger, acquisition, joint venture or other business combination involving us. %0D%0A
Description=The privacy policy does not protect users' data, in fact the privacy policy can be used as an excuse to sell user data. In addition to this it seems to be affiliated with other malicious software.
[Xuron55]
Product=Xuron55
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=once iasnap850w.exe is executed it connects to a dynamically created URL and runs a php-script there to download %0D%0A-first.awp%0D%0A-second.awp%0D%0A%0D%0Athe files contain several dlls which get copied to system directory and get registered%0D%0A%0D%0AClassID appears to be random%0D%0Afilenames are random %0D%0A%0D%0Acreates weblink on desktop pointing to Captain Morgans Casino%0D%0A%0D%0A%0D%0A
[Search-For-You]
Product=Search-For-You
Company=Searchsolutions BW
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The supposed function is not stated, but according to the name of the .exe and autorun entry implies that it is related to Windows update.
Privacy=not stated
Description=The execution of winupd.exe changes the browser pages, such as start page and search page.
[CoolWWWSearch.WinSecurityCenter]
Product=CoolWWWSearch.WinSecurityCenter
Company=CWS
Threat=Trojan
CompanyURL=http://www.winmsn.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This is a chm-file with no stated function. It poses as Windows Security Center.
Privacy=
Description=Once the .chm-file is executed the exe-file embedded within is being executed and connects to Peter Issons domains such as winmsn.com, winprotect.net.%0D%0AIt does not ask for any permission. Also Explorer, Internet Explorer, Regedit or WinMgmt.exe are being launched in background.%0D%0APeriodically, a tray icon looking like Windows Security Center's yellow shield appears and warns about possible spyware threads encouraging the user to visit certain links.%0D%0ASometimes there also is a warning window displayed.%0D%0ASome websites belonging to Peter Isson are added to the favorites.%0D%0AThis trojan does also use a hidden service to stay persistent.
[CoolWWWSearch.SearchAssistant]
Product=CoolWWWWSearch.SearchAssistant
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=No stated functionality; according to uninstall menu it is a SearchAssistant.
Privacy=
Description=Hijacks browser pages and causes advertising pop ups .
[Scan&Repair Utilities 2006]
Product=ScanAndRepairUtilities2006
Company=Scan&Repair ltd Systems Incorporated
Threat=Trojan
CompanyURL=http://www.scanandrepair.com/
CompanyProductURL=http://www.scanandrepair.com/
CompanyPrivacyURL=
Functionality=supposed to be a legitimate antispyware software
Privacy=
Description=Domain registered to Marko Novakovic in Belgrad while EULA speaks about a company named Scan & Repair ltd Systems Incorporated which operates after US jurisdiction%0D%0A%0D%0Ascan shows fake entries made to make the user believe that his computer is infected, so he may pay for this deceptive software.
[FakeWGA]
Product=FakeWGA
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a part of Microsoft Windows Genuine Advantage (WGA)
Privacy=
Description=Disables the Windows firewall, adds itself and a services.exe in Windows\etc\ as services. Both run in background and are registered as autostarting services. They connect to various IPs and wait for incoming TCP and UDP connections.
[Zlob.DVBX11_Bat]
Product=Zlob.DVBX11_Bat
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be services for DVB X11 devices and parts of "the Bat!"
Privacy=
Description=Disguises as the Bat! email client and DVB services.%0D%0ADisables the Windowssecuritycenter and enables the Windows Explorer to pass the Windows Firewall.%0D%0ARuns in backbground and hooks up to winlogon to get started at any Windows boot. As long the file bmtdhh.dll in system32 directory is active, the other files of this trojan are hidden from the WindowAPI (i.e. invisible for most applications including Explorer).%0D%0A%0D%0AIf the file bmtdhh.dll remains active in winlogon, it can recreate some of the other files and settings, to disable the file it is required to reboot windows in minimal alternate shell and rename the file manually.%0D%0AThe filename is static and it is located in the system32 directory.%0D%0A%0D%0AThe Windowssecuritycenter may need to be reinstalled to function properly.
[eUniverse.PowerSearch]
Product=eUniverse.PowerSearch
Company=eUniverse Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a search toolbar for the InternetExplorer
Privacy=
Description=This trojan horse installs in background, connects to the internet in background, does not show up any useful function to the user and downloads other software without user consent.
[CoolWWWSearch.WinRes]
Product=CoolWWWSearch.WinRes
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Part of the CoolWWWSearch hijackers. It installs itself without any permission in background. It hooks itself to the Internet Explorer and redirects its searches and/or homepage to CoolWWWSearch websites, which habor other malware or fraudware.
[CoolWWWSearch.IE-Extension]
Company=
Product=CoolWebSearch.IE-Extension
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=An Internet Explorer Browser Helper Object. Changes Zonemaps. The IE-Extension connects to certain Web sites and tries to download malware, every time Internet Explorer is started. Code contains traces of the spyware Vipsearcher, related to the multitudinous and reproductive CWS clan.
[Sallity.Badcro]
Product=Sallity.Badcro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n/a
Privacy=n/a
Description=Sallity.Badcro is a bad MS-Word macro. It copies DLLs to the Windows system folder, and creates an .exe file in the root folder.
[Win32.Small.v]
Product=Win32.Small.v
Company=n/a
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=n/a
Privacy=n/a
Description=It creates an Autorun entry ("msbb") in the registry in order to be launched on each Windows startup. It also downloads other objects without giving the user a possibility to stop this process.
[NCast]
Product=NCast
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs an Browser Helper Object which is executed every time you run the Internet Explorer. Then it connects to www.ncast.cn, www.ishowbao.com and urlad.cn and displays ads in the Internet Explorer. All that happens without user consent.%0D%0A
[Fake.xpRecovery]
Product=Fake.xpRecovery
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It deletes the complete content of the hostfile. Additionally it installs a BHO which is loaded on every Internet Explorer start. Then it connects to many bad pages in the internet and tries to download files
[AdMoke]
Product=AdMoke
Company=
Threat=Adware
CompanyURL=www.mokead.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs an BHO wich is executed every time you start the Internet Explorer. It connects to many webpages and tries to download files. It also tries to install a chinese language package. A service is installed to be loaded on every windows startup. All that happens without user consent.
[Ad-Protect]
Product=Ad-Protect
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Ad-Protect pretends to be an antispyware solution but actually does not detect any kind of malware. The program's website contains horrifying stories about computers, espionnage etc. urging the user to install Ad-Protect.
[AdSponsor]
Product=AdSponsor
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdSponsor gets installed on the computer without user consent and advertising popups come up when certain key words are typed.
[HappyToFind.Toolbar]
Product=HappyToFind.Toolbar
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This hijacker makes use of security holes and trojans to get installed. When it is installed it displays a toolbar that redirects to malicious websites.
[Kolweb.B]
Company=
Product=Kolweb.B
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Kolweb.B copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[VirusRescue]
Product=VirusRescue
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VirusRescue pretends to be an antispyware solution but actually does not detect any kind of malware. The program's website contains horrifying stories about computers, espionnage etc. urging the user to install VirusRescue.
[Win32.Bzub.e]
Product=Win32.Bzub.e
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bzub.e copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Zlob.VideoAccess]
Product=Zlob.VideoAccess
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.JPEG-Encoder]
Product=Zlob.JPEG-Encoder
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.MyPassGenerator]
Product=Zlob.MyPassGenerator
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Kolweb.B]
Product=Kolweb.B
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Kolweb copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[FotosScreenSaver]
Product=FotosScreenSaver
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FotosScreenSaver copies copies *.scr-file into the system directory of the operating system without giving the user a possibility to cancel that process.%0D%0AAlso adds itself to AutoRun%0D%0A
[Win32.NLC]
Product=Win32.NLC
Company=
Threat=trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File runs in background. Doesn't load any file. Maybe it is just a part of the Trojan.
[CrawlwsToolbar]
[CrawlwsToolbar]
Company=
Product=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Install Toolbar into the IE without giving the user a possibility to cancel that process.
[Papinha]
Product=Papinha
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Papinha copies copies *.exe-file into the system directory of the operating system without giving the user a possibility to cancel that process.
[MediaTickets]
Product=MediaTickets
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=by name it is supposed to be some kind of access ticket to media content
Privacy=
Description=this hijacker installs via the chm exploit, meaning it comes disquised in a windows helpfile and installs itself without the users content and redirects the Internet Explorer to various websites.
[Warezov]
Product=Warezov
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware connects to the internet in background to a static IP address. It also adds a dll with randomized name as a browser helper object and also adds this dll to winlogon\notify, thus always loading the library on Windows boot.
[Win32.Agent.baf]
Product=Win32.Agent.baf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs itself under the name csrss.exe into the Windows directory. It runs in background and tries to connect to a remote website.
[Banker.anv]
Product=Banker.anv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file is downloaded as a screensaver. When executed, it may copy itself into the system directory, it creates an autorun key for itself or other files. The file also establishes a TCP connection to a remote server.
[Zlob.SuperCodec]
Product=Zlob.SuperCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Zlob.GoldCodec]
Product=Zlob.GoldCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Win32.Adload.fu]
Product=Win32.Adload.fu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Adload.fu copies copies *.exe-file into the system directory of the operating system. Doesn't load any file. Maybe it is just a part of the Trojan.
[MSNservice]
Product=MSNservice
Company=
Threat=trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Dadobra copies itself into the system directory of the operating system and tries to connect to the internet and download Smitfraud-C., Cimuz, TelekomBill.Fake etc. The trojan creates a fake autorun entry called "MSN"
[NavBHO]
Product=NavBHO
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file is run as a BHO.%0D%0A
[SearchEnhancer]
Product=SearchEnhancer
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Install Toolbar into the IE without giving the user a possibility to cancel that process.
[Zlob.PowerCodec]
Product=Zlob.PowerCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Zlob.KeyCodec]
Product=Zlob.KeyCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and install various third-party spyware and malware to infected computers
[AnotherBOT]
Product=AnotherBOT
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file moves itself into the system directory and renames itself. A registry entry provides the file is running on system startup. It opens a TCP connection and waits for orders.
[Prisparky]
Product=Prisparky
Company=Prisparky LDA
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file changes the IE startpage and creates several links. When executed, it tries to establish a modem connection to a pornsite. Some more executable files are saved to disk.
[Win32.Small.lr]
Product=Win32.Small.lr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File runs in background. Doesn't load any file. Maybe it is just a part of the Trojan.
[Banload]
Product=Banload
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Banload copies itself into the windows and system directory of the operating system and tries to connect to the internet. Banload makes the computer insecure and so it is easy for other trojans to infiltrate the computer.
Description=MSCheck copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. The trojan often is spread by a website offering free-games. These free games often not work, but the trojan does! MSCheck disguises as "mscheck" (usually used by Windows) to be run at systemstart and eats up system resources.
[TheMeui]
Product=TheMeui
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TheMeui copies files to the Windows-folder without user consent and eats up system resources.
[Banker.AGA]
Product=Banker.AGA
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Banker.AGA copies files to the system folder and adds itself as "lsass32" to run at system start without giving the user a possibility to cancel that process.%0D%0A
[Win32.Delf]
Product=Win32.Delf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf copies files to the system folder. Installs a browser helper object (BHO) without user consent.
[Zlob.KeyGenerator]
Product=Zlob.KeyGenerator
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[PWS.WOW]
Product=PWS.WOW
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates many files in the system folder with names similar to valid windows files. It makes changes in the registry so that the bad files will be loaded every time you open an exe-file, a screensaver and many other file types.
[Stration]
Product=Stration
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some Microsoft files
Privacy=
Description=This trojan horse poses as systemfiles and runs in background. It creates a spamlist and connects to various IP adresses and uses smtp for spamming purposes.
[Zlob.Cap.DX]
Product=Zlob.Cap.DX
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a sample module for DirectX from Microsoft.
Privacy=
Description=This trojan horse is packed with UPX, while Microsoft uses its own packers. Also the file information are faked.
[Xenter.Dial]
Product=Xenter.Dial
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of content dialer
Privacy=
Description=This illegal dialer installs and adds itself to the system start and starts itself hidden, regardless of what the user decides on the initial execution where an information about the costs are shown.%0D%0AThis info states that the call will costs 2.99 per min, but lacks a currency.
[Zlob.BrainCodec]
Product=Zlob.BrainCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Win32.Agent.ig]
Product=Win32.Agent.ig
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ig copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Zlob.VideoActiveXObject]
Company=
Product=Zlob.VideoActiveXObject
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to the infected computer.
[Win32.Small.ml]
Product=Win32.Small.ml
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.ml copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Adload.ep]
Product=Win32.Adload.ep
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan Win32.Adload.ep copies itself into the system directory of your operating system and tries to connect to the internet. When the trojan is connected with a server he waits for new orders to spy out the user.
[Win32.Agent.aaw]
Product=Win32.Agent.aaw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aaw copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. The trojan is spread by several websites that try to use security holes of the operating system. So the user can be infected by just visiting such websites.
[Win32.Bagle.Z]
Product=Win32.Bagle.Z
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bagle.Z copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm out the computer.
[Win32.Gadu]
Product=Win32.Gadu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Gadu copies exe-files and dll-files into the system- and Windows folder.
[Hupigon]
Product=Hupigon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hupigon is a backdoor trojan, which drops severall dynamic link libraries and installs them. Hupignon installs one library as a service which connects to the internet. Other files are part of a keylogger.
[Zlob.SilverCodec]
Product=Zlob.SilverCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.Vcodec]
Product=Zlob.Vcodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[QQRob]
Product=QQRob
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed it copies itself into the system directory and creates a library file winscok.dll. It tries to terminate some processes and lowers some security settings like the Windows Security Center. It also creates an autorun entry to be loaded on every windows startup.
[FakeBill]
Product=FakeBill
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It connects without user consent to lavl-vicky.com to download other bad software which is executed on user┤s system. The downloaded file establishes a connection to a remote server.
[StarnetItalia]
Product=StarnetItalia
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a content dialer for fullgames
Privacy=
Description=This illegal dialer does not show up on screen while executed. It runs in background and tries to establish a connection via a modem.
[Zlob.Wave]
Product=Zlob.Wave
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of mediacodec
Privacy=
Description=This trojan horse pretends to be a mediacodec but does not provide such functions. Instead it connects to the internet in background and tries to retrive an IEtool34.exe. It registers a browser helper object (BHO) which is also registered in the system start.
[VistaActivation.Trojan]
Product=VistaActivation.Trojan
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a programm to activate unlicensed copies of Windows Vista
Privacy=
Description=Pretends to be a self-extracting rar archive. On execution the trojan horse connects to the internet in background and submits data about the user and the computer to a russian site. The trojan horse also installs a fake csrss.exe in the Windows directory, which allows this file to pass the windows firewall. It runs in background and starts it via policies at system start.
[Smitfraud-C.Keylogger]
Product=Smitfraud-C.Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Windowsfile
Privacy=
Description=This keylogger appears to be very similiar in name to the legit windows file svchost.exe located in the system directory. The fake one is installed in the Windows directory. It runs in background, bypasses the Windows Firewall, ensures that it is started on Systemstartup and connects to the internet in background. Furthermore it logs all keystrokes to the offlog.txt located in the Windows directory. Since this keylogger has a constant connection to the internet it can sent the logged keystrokes thus getting passwords and so on. It is also capable of making screenshots, compressing them and also sending them into the internet.
[TargetMarketingAgency]
Product=TargetMarketingAgency
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TargetMarketingAgency collects user information from you to extend their database so they can generate a special user profile. In future the user will receive annoying popups by surfing the internet.
[Psyme]
Product=Psyme
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A trojan which is disguised as local webpage (.html file) with random name containing malicious code (in Java Script) for downloading and executing files. May download Prisparky(Dialer).
[WinClean]
Product=WinClean
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinCleancopies exe-files to the System-folder without giving the user a possibility to cancel that process.
[PartyPoker]
Product=PartyPoker
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=not stated application, supposed to be some license loader.
Privacy=
Description=When executed the exe runs hidden and starts the Internet Explorer in background. Once the user opens the IE, the hidden instance of the IE connects to partypoker websites and then displays it in another IE window.%0D%0A
[Dumaru]
Product=Dumaru
Company=Wan-Fu China, Ltd.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legitimate software like the Windows Media Player
Privacy=
Description=While the trojan horse poses as a legtimate file, it runs in background and starts the Internet Explorer in background. It installs several files to the system and windows directory and adds some to the system start, so that it gets started automatically. It also gathers information about the computer and the user. Various variants steal passwords and other user data.
[Win32.SdBot.azc]
Product=Win32.SdBot.azc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.azc disguises as "msvcc25" to run at system start and eats up system resources.
[War3z]
Product=War3z
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=War3z is a peer to peer client which downloads and installs various third-party spyware and malware to infected computers without user notice.
[GoldenRivieraCasinoLoader]
Product=GoldenRivieraCasinoLoader
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GoldenRivieraCasinoLoader creates an autorun entry named "Security" to run at system start (redirect to "GoldenRivieraCasino") and copies itself into windows folder.
[CIOLE.Media.Extension]
Product=CIOLE.Media.Extension
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A .dll file is registered and creates registry entries. The file is able to log user activities without notice. It may be installed with NSIS Media Extension.
[Win32.Agent.At]
Product=Win32.Agent.At
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.At copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Zlob.SoftCodec]
Product=Zlob.SoftCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.VB.atz]
Product=Win32.VB.atz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.atz copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Delf.acc]
Product=Win32.Delf.acc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A trojan which connects to a brasilian Fun site. While showing a flash movie, an executable file is downloaded from a chinese webserver. This file creates a copy of itself with an autorun entry without user notice.
[Zlob.DigiPassword]
Product=Zlob.DigiPassword
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Aimbot.MSN]
Product=Aimbot.MSN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an update or part of other Microsoft Messenger software
Privacy=
Description=Pretends to belong to Microsoft but compromises the Windows Security Center and runs as a service in background. The trojan horse is able to contact the internet in background.
[Simpatic.Otherchance]
Product=Simpatic.Otherchance
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Makes a redirect to malicious websites and hijacks the Internet Explorer startpage.
[Win32.Agent.Acz]
Product=Win32.Agent.Acz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.Acz copies dangerous executives to the system folder. It runs its files in background and adds itself to system services as "Personal Security Center Monitor".
[Zlob.VAXCodec]
Product=Zlob.VAXCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[PSW.WOW]
Product=PSW.WOW
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates many files in the system folder with names similar to valid windows files. It makes changes in the registry so that the bad files will be loaded every time you open an executive, a screensaver and many other file types.
[Oska.Deskmates]
Product=Oska.Deskmates
Company=Oska Educational Systems Pty Ltd.
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be animated cartoon or erotic desktop figures.
Privacy=
Description=Full version per deskmate costs 29.95$, per default all visibile deskmates in shop are selected for purchase --> fraudulent , because total price is not clearly discerned from the remaining text. Also this is not the usual practice for webshops to add all visible items to the shopping cart.%0D%0ASince there is erotic content there should be means to secure the products from minors. Demoversions are available freely. Their associate-program has no rules against spamming, hijacking or bundling with malware. Oska Systems does not appear to be interested in stopping bad associates.
[Kuasio.Ka]
Product=Kuasio.Ka
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Kaspersky Antivirus toolbar
Privacy=
Description=This toolbar is not related to Kaspersky Antivirus. It is a complete fake and hijacks the Internet Explorer and connects to malicious websites without user consent.
[Troj.PrintSpool]
Product=Troj.PrintSpool
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a printer spooler
Privacy=
Description=This trojan horse pretends to be a printer spool service. It adds itself to system start and as a service. It runs in background and listens to incoming network traffic via UPD connections. It randomizes its name to avoid detection.
[SVerner.Search]
Product=SVerner.Search
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Not stated browser helper object.
Privacy=
Description=The SVerner.Search browser helper object installs itself in background and connects to the internet in background with a second instance of the Internet Explorer. It connects to different referrer sites and appears to collect information on the user and or use the users computer to get ad payment.
[Win32.Microjoin]
Company=
Product=Win32.Microjoin
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan drops another executable file into the Windows directory. This file (with random) name deletes registry entries of known anti-virus programs so that the programs may not run properly.
[MyWay.MyWebSearch]
Product=MyWay.MyWebSearch
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The toolbar gets installed via download from a website. It also has a plugin for Microsoft Outlook, which is run at system startup. Everytime the user looks for a statement with the search function, an obviously unique identification number ("sauid") is sent to a webserver. When uninstalled, some registry entries and files remain on the system.
[Zlob.DirectVideo]
Product=Zlob.DirectVideo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Zlob.SiteTicket]
Product=Zlob.SiteTicket
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[SpywareKnight]
Product=SpywareKnight
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When SpywareKnight is installed on the computer it finds a lot of malware (that does not really exist) and that only can be removed by purchasing a licence.
[TrustCleaner]
Product=TrustCleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TrustCleaner gets installed on the computer without user consent. When it is installed on the computer it finds a lot of malware (that does not exist)which can be removed by purchasing a licence only.
[TrueSword]
Product=TrueSword
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When TrueSword is installed on the computer it finds a lot of malware (that does not exist) and which can be removed by purchasing a licence only. This behavior seems to be resolved as from True Sword 4.
[Zlob.VideoCodec2007]
Product=Zlob.VideoCodec2007
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Fakealert]
Product=Fakealert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fakealert creates an autorun entry named "pro" to run at each system start and eats up system resources.
[Win32.VB.dm]
Product=Win32.VB.dm
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.dm gets installed without giving the user a possibility to cancel that process. Also downloads Look2Me, Smitfraud-C.AntiFirewall, Win32.Small.avq
[Leena]
Product=Leena
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Leena installs some executable files into the system folder, without giving the user a possibility to cancel that process.
[1und1Bill.Fake]
Product=1und1Bill.Fake
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=1und1Bill.Fake is a trojan that pretends to be an 1&1 internet bill, it copies its exe file to the system folder. It also creates an autorun entry to get started at sytem boot.
[Win32.Bifrose.LA]
Product=Win32.Bifrose.LA
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bifrose.LA copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.SdBot.ye]
Product=Win32.SdBot.ye
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.ye copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[UniversalDial]
Product=UniversalDial
Company=
Threat=Dial
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Italian dialer establishes a connection to a toll number without user consent and redirects the user to malicious porn sites.
[AdArmor]
Product=AdArmor
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdArmor claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence.
[FixerAntispy]
Product=FixerAntispy
Company=FixerAntispy
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FixerAntispy claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence. Same app as AdArmor.
[SpyAnalyst]
Product=SpyAnalyst
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyAnalyst claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence. Same app as AdArmor.
[SpyOfficer]
Product=SpyOfficer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyOfficer claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence. Same app as AdArmor.
[SpyMyPC-Pro]
Product=SpyMyPC-Pro
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyMyPC-Pro is a keylogger that runs silently in the background of the operating system. It records all keystrokes without user consent and thus makes it possible to spy on the user's surfing and working behaviour.
[ErrorKiller]
Product=ErrorKiller
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ErrorKiller claims to be an antispyware solution. When the user starts to scan the computer the software shows some dangerous problems that are false positives and wants the user to buy a licence by frightening him that there is no other possibility to clean the system.
[Hupignon]
Product=Hupignon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a driver or system program
Privacy=
Description=This trojan horse runs in background and installs services without any user consent. The services are related to other malware and trojan horses.
[CurePCSolution]
Product=CurePCSolution
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antispyware software
Privacy=
Description=Advertises itself over trojan horses and other malware, redirects the browser to its own website. Shows intentional false positives to make the user buy the software. The trial version does not support updates. Software installs itself to system start and auto start. Even before the software is installed it gives a warning that the computer is infected.
[Some-Standards.com]
Product=Some-Standards.com
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a not named browser helper object.
Privacy=
Description=This trojan horse installs itself as a browser helper object and adds itself to winlogon. Thus forcing the system to always load the trojan horse. The trojan horse will connect to the internet in background , post data to a remote website and install an additional dynamic link library in the system directory. All actions are done secretly in background, also the file and keynames are ramdomized to avoid detection by antispy or antivirus.
[Win32.Agent.ar]
Product=Win32.Agent.ar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a malicious browser helper object and downloads also known malware like "NCast".
[Zinblog]
Product=Zinblog
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Zinblog disguises as "Task Manager" to run at system start and eats up system resources. Also changes the startpage of the Internet Explorer. Also loads CoolWWWSearch.OleHelp on the victim┤s PC.
[NumbSoft]
Product=NumbSoft
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=End User Licence Agreement & Terms%0D%0A%0D%0ABy accepting this agreement, I certify the following:%0D%0A%0D%0AI am an adult, being at least 18 years of age.%0D%0A%0D%0AI am the owner of this computer, or am authorized by the owner of this computer to install software on this system. %0D%0A%0D%0AI understand that by accepting these terms and conditions, this program will be installed on my computer.%0D%0A%0D%0APlease be aware that certain areas may contain adult or mature content. You must be at least 18 years of age to access and view such areas.%0D%0A%0D%0AIMPORTANT - PLEASE READ CAREFULLY %0D%0ABY CLICKING ON THE "SUBMIT", "DOWNLOAD", "I ACCEPT" OR SUCH SIMILAR BUTTON OR LINK THAT MAY BE DESIGNATED FOR PURPOSES OF INITIATING THE DOWNLOAD OF THE ôNUMB-SOFT.COMö SOFTWARE PRODUCT (THE " NUMB-SOFT.COM APPLICATION OR WEBSITE") AND OR USING THE ôNUMB-SOFT.COMö APPLICATION YOU AGREE TO BE LEGALLY BOUND BY THESE LICENSE TERMS AND CONDITIONS LISTED BELOW.%0D%0A%0D%0AAcceptance of Terms%0D%0A%0D%0AThe services that NUMB-SOFT.COM. (including its affiliates, subsidiaries will be collectively referred to as ôNUMB-SOFT.COMö) provides to you are subject to the following terms and conditions. Your access to , and use of, this Web Site and software. do not alter in any way the terms or conditions of any other agreement you may have with NUMB-SOFT.COM for products, services or otherwise. NUMB-SOFT.COM reserves the right to amend at any time any policies governing this Web Site, including these Terms and conditions, by posting the amended terms on this Web Site. You will be able to tell that a revision has been made by the date of the last revision indicated at the top of the document. Therefore, we encourage you to check the date of our Site Terms whenever you visit this Web Site. The amended Site Terms will be effective immediately after they are posted on this Web Site. If you do not accept the amended Site Terms (including any referenced policies or guidelines), you must cease using this Software and Web Site.%0D%0A%0D%0ADescription of Services%0D%0A%0D%0AThrough the network NUMB-SOFT.COM provides you with access to a vast Selection of Information, tools, Product Information, and many other hard to find internet resources (collectively, ôServicesö). You also understand and agree that the Services may include advertising and that these advertisements are necessary for NUMB-SOFT.COM to provide the Services. The Services, including any updates, enhancements, new features, and/or the addition of any new Web properties, are subject to the Site Terms.%0D%0A%0D%0ANUMB-SOFT.COM reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Services (or any part thereof) with or without notice. You agree that NUMB-SOFT.COM shall not be liable to you or to any third party for any modification, suspension or discontinuance of the Services.%0D%0A%0D%0A1. Product Over View%0D%0A%0D%0ANUMB-SOFT.COM, Provides Many Enhancements to day to day internet browsing. NUMB-SOFT.COM provide web site based and software based enhancements. That allows for easier access information online as well as access to many offers through an assortment of different types of AdÆs ( eg. Pop ups, Pop unders, Banners) and other various new technologies. %0D%0A%0D%0A2. Proprietary Rights; Limited License%0D%0A%0D%0AUnless otherwise indicated, all Web Site materials, including, without limitation, the NUMB-SOFT.COMÆ logos, and all text, designs, graphics and other files, and the selection and arrangement thereof, are the proprietary and copyrighted property of NUMB-SOFT.COM or its contributors or licensors. Subject to the terms set forth in these Site Terms, NUMB-SOFT.COM grants you a limited license to make informational, non-commercial use only of this Web Site. You may view and electronically copy and print to hard copy portions of this Web Site for the sole purpose of using materials it contains for informational, non-commercial use only. Any other use of this Web Site or the materials contained herein without the prior written permission of NUMB-SOFT.COM is strictly prohibited, including, without limitation: (a) any resale or commercial use of this Web Site or its content; (b) the retransmission, re-broadcasting or other distribution, display or publication of any information contained in this Web Site; (c) making derivative uses of this Web Site and its contents; (d) use of any data mining, robots or similar data-gathering or data extraction methods; (e) downloading (other than the page caching) of any portion of this Web Site or any information contained on this Web Site, except as expressly permitted on this Web Site; or (f) any use of this Web Site other than for its intended purpose.%0D%0A%0D%0AProducts, processes or technology described in this Web Site may also be subject to other intellectual property protection as well, and all rights therein are reserved by NUMB-SOFT.COM. Except as noted above, you are not conveyed any right or license by implication, estoppel or otherwise in or under any patent, trademark or other proprietary right of NUMB-SOFT.COM or any third party. All information provided by NUMB-SOFT.COM on this Web Site is the sole and exclusive property of NUMB-SOFT.COM or its contributors or licensors.%0D%0A%0D%0A2(a). License Conditions %0D%0AYou may not rent, sell, lease, sublicense, distribute, assign, copy, or in any way transfer any NUMB-SOFT.COM Application or use any NUMB-SOFT.COM Application for the benefit of any third party through any outsourcing or time-sharing arrangement or through the operation of any service bureau. You may not modify, reverse-engineer, decompile, disassemble, or otherwise discover the NUMB-SOFT.COM Application, or attempt to do so for any reason. Further, you may not access, create or modify our source code in any way. You do not have the right to and may not create derivative works of the NUMB-SOFT.COM Application. All modifications or enhancements to the NUMB-SOFT.COM Applications remain the sole property of NUMB-SOFT.COM. You understand that we, in our sole discretion, may modify or discontinue or suspend your right to access any or all of our services. %0D%0A%0D%0A%0D%0A3. Notice Specific to Software Available on this Web Site%0D%0A%0D%0AAny software that is made available to download from this Web Site ("Software") is the copyrighted work of NUMB-SOFT.COM and/or its suppliers. Use of the Software is governed by the terms of the End User License Agreement, if any, that accompanies or is included with the Software ("EULA" or "License Agreement"). An end user will be unable to install any Software that is accompanied by or includes a EULA unless he or she first agrees to the License Agreement terms. The Software is made available for download solely for use by end users according to the EULA. Any reproduction or redistribution of the Software not in accordance with the EULA is expressly prohibited by law and may result in severe civil and/or criminal penalties. Violators will be prosecuted to the maximum extent possible.%0D%0A%0D%0ADISCLAIMER: THE PUBLISHERS DO NOT GUARANTEE OR PROMISE, IN ANY WAY, THE PERFORMANCE OF THE SOFTWARE, THE STABILITY THEREOF, OR THE EFFECTS OF THE SOFTWARE TO YOUR SYSTEM. ANY FAULTS OR DAMAGES THAT COULD POSSIBLY ARISE ARE NOT THE LIABILITY OF THE SOFTWARE PUBLISHERS, AND ARE YOUR OWN RESPONSIBILITY%0D%0A%0D%0A4. Confidentiality%0D%0A%0D%0AYou acknowledge that portions of this Web Site may contain valuable Confidential Information (as defined below) of NUMB-SOFT.COM, and you agree to protect and preserve such Confidential Information against any unauthorized use, copying, distribution or disclosure. Without limitation of the foregoing, you agree to use the Confidential Information solely for the purposes for which it has been disclosed to you by NUMB-SOFT.COM. You further agree not to disclose any Confidential Information to any third party, except as necessary to carry out the purpose for which such Confidential Information was provided and only to third parties who are under confidentiality restrictions not to disclose such information. As used herein, Confidential Information shall mean any nonpublic information that is proprietary or confidential to NUMB-SOFT.COM or any information of a third party that NUMB-SOFT.COM is obligated to keep confidential, including, but not limited to, information that relates to NUMB-SOFT.COMÆ products, services, technology, research, development, product ideas, clients, customers, employees, contractors, business and marketing plans, finances, contracts, legal affairs, business affairs or any other confidential or proprietary matter, subject or issue.%0D%0A%0D%0A8. Submissions and Postings%0D%0A%0D%0ANUMB-SOFT.COM does not claim ownership of the materials you provide to NUMB-SOFT.COM (including plans, notes, drawings, original or creative materials, feedback, suggestions or other information) or post, upload, input, provide or submit to any Services (ôSubmissionö). However, by posting, uploading, inputting, providing or submitting (ôPostingö) your Submission, you agree that such Submission is non-confidential, you waive any and all ômoral rightsö in such materials, including the rights of paternity and integrity and you hereby grant NUMB-SOFT.COM permission to use your Submission, including, without limitation, the license rights to copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; to publish your name in connection with your Submission; and the right to sublicense such rights, including to any supplier of the Services. No compensation will be paid with respect to the use of your Submission, as provided herein. NUMB-SOFT.COM is under no obligation to post or use any Submission you may provide and NUMB-SOFT.COM may remove any Submission at any time in its sole discretion.%0D%0A%0D%0ABy Posting a Submission, you warrant and represent that you own or otherwise control all of the rights to your Submission as described in these Site Terms, including, without limitation, all the rights necessary for you to post, upload, provide, input or submit the Submission. In addition to the warranty and representation set forth above, by Posting a Submission that contains images, photographs, pictures or that are otherwise graphical in whole or in part (ôImagesö), you warrant and represent that (a) you are the copyright owner of such Images, or that the copyright owner of such Images has granted you permission to use such Images or any content and/or images contained in such Images consistent with the manner and purpose of your use and as otherwise permitted by these Site Terms; (b) you have the rights necessary to grant the licenses and sublicenses described in these Site Terms; and (c) that each person depicted in such Images, if any, has provided consent to the use of the Images as set forth in these Site Terms.%0D%0A%0D%0APlease note: NUMB-SOFT.COM does not accept or consider unsolicited ideas, including ideas for new advertising campaigns, new promotions, new products or technologies, processes, materials, marketing plans or new product names. Please do not send any original creative artwork, samples, demos or other similar works. The sole purpose of this policy is to avoid potential misunderstandings or disputes when NUMB-SOFT.COMÆ products or marketing strategies might seem similar to ideas submitted by you. All such submissions will be treated as Submissions as set forth herein.%0D%0A%0D%0ANUMB-SOFT.COM takes no responsibility and assumes no liability for any Content posted or uploaded by you or any third party, or (without limitation) for any mistakes, defamation, slander, libel, omissions, falsehoods, obscenity, pornography or profanity you may encounter. Your use of the Interactive Areas is at your own risk. Information posted in any Interactive Area should not be considered authoritative and cannot be guaranteed as to accuracy. As a provider of interactive services, NUMB-SOFT.COM is not liable for any statements, representations, or Content provided by its users in any public forum, personal home page or other Interactive Area. Although NUMB-SOFT.COM has no obligation to screen, edit or monitor any of the Content posted in any Interactive Area, NUMB-SOFT.COM reserves the right, and has absolute and sole discretion, to remove, screen or edit any Content that violates these provisions or is otherwise objectionable. Any use of the Interactive Areas or the Web Site in violation of the foregoing is in violation of these terms and may result in, among other things, the termination or suspension of your rights to use the Interactive Areas and/or the Web Site.%0D%0A%0D%0A9. No Unlawful or Prohibited Use%0D%0A%0D%0AAs a condition of your use of this Web Site and or Software, you will not use the Services for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the Services in any manner that could damage, disable, overburden, or impair any NUMB-SOFT.COM servers, or the network(s) connected to any NUMB-SOFT.COM server, or interfere with any other partyÆs use and enjoyment of any Services. You may not attempt to gain unauthorized access to any Services, computer systems or networks connected to any NUMB-SOFT.COM server or to any of the Services, through hacking, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Services.%0D%0A%0D%0A%0D%0A10. Third Party Content & Services%0D%0A%0D%0ANUMB-SOFT.COM may provide links to Web pages and content of third parties (ôThird Party Contentö) as a service to those interested in this information. NUMB-SOFT.COM does not monitor nor does it have any control over any Third Party Content or third party Web Sites. NUMB-SOFT.COM does not endorse or adopt any Third Party Content and can make no guarantee as to its accuracy or completeness. NUMB-SOFT.COM does not represent or warrant the accuracy of any information contained therein, and undertakes no responsibility to update or review any Third Party Content. Users use these links and Third Party Content contained therein at their own risk.%0D%0A%0D%0A11. Disclaimer%0D%0A%0D%0ATHIS WEB SITE, SOFTWARE, THE SERVICES, AND THE MATERIALS IN THIS WEB SITE OR IN THE SERVICES ARE PROVIDED ON AN ôAS ISö BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NUMB-SOFT.COM DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. NUMB-SOFT.COM DOES NOT REPRESENT OR WARRANT THAT THE SERVICES OR MATERIALS ARE ACCURATE, COMPLETE, RELIABLE, TIMELY, SECURE, CURRENT, OR ERROR-FREE, OR THAT THE QUALITY OF ANY SERVICES OR MATERIALS OBTAINED BY YOU WILL MEET YOUR EXPECTATIONS. NUMB-SOFT.COM DOES NOT REPRESENT OR WARRANT THAT THIS WEB SITE OR ITS SERVER(S) ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.%0D%0A%0D%0ANUMB-SOFT.COM reserves the right to change any and all content contained on this Web Site at any time without notice. Reference to any products, Services, processes, or other information, by trade name, trademark, manufacturer, supplier, or otherwise does not constitute or imply endorsement, sponsorship or recommendation thereof by NUMB-SOFT.COM.%0D%0A%0D%0A12. Limitation of Liability%0D%0A%0D%0AIN NO EVENT SHALL NUMB-SOFT.COM, OR ITS OFFICERS, DIRECTORS, SHAREHOLDERS, OR EMPLOYEES, BE LIABLE FOR ANY DIRECT, SPECIAL, PUNITIVE, EXEMPLARY, INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY OTHER DAMAGES OF ANY KIND, INCLUDING BUT NOT LIMITED TO LOSS OF USE, LOSS OF PROFITS, OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING BUT NOT LIMITED TO NEGLIGENCE), OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THIS WEB SITE, SOFTWARE OR THE MATERIALS CONTAINED IN, OR ACCESSED THROUGH, THIS WEB SITE, INCLUDING WITHOUT LIMITATION ANY DAMAGES CAUSED BY OR RESULTING FROM RELIANCE BY THE USER ON ANY INFORMATION OBTAINED FROM NUMB-SOFT.COM, OR THAT RESULTS FROM MISTAKES, OMISSIONS, INTERRUPTIONS, DELETION OF FILES OR E-MAIL, ERRORS, DEFECTS, VIRUSES, DELAYS IN OPERATION OR TRANSMISSION OR ANY FAILURE OF PERFORMANCE, WHETHER OR NOT RESULTING FROM ACTS OF GOD, COMMUNICATIONS FAILURE, THEFT, DESTRUCTION OR UNAUTHORIZED ACCESS TO NUMB-SOFT.COMÆ RECORDS, PROGRAMS, OR SERVICES. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF NUMB-SOFT.COM (WHETHER IN CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE, WHETHER ACTIVE, PASSIVE, OR IMPUTED), PRODUCT LIABILITY, STRICT LIABILITY OR OTHER THEORY) ARISING OUT OF OR RELATING TO THE USE OF NUMB-SOFT.COMÆ WEB SITE EXCEED ANY COMPENSATION YOU PAY, IF ANY, TO NUMB-SOFT.COM FOR ACCESS TO OR USE OF THIS WEB SITE.%0D%0A%0D%0A13. Indemnification%0D%0A%0D%0AYou agree to defend, indemnify and hold harmless NUMB-SOFT.COM, its independent contractors, service providers and consultants, and their respective directors, employees and agents, from and against any third party claims, damages, loss, liability, costs and expenses (including, but not limited to, reasonable attorneysÆ fees) arising out of your use of the NUMB-SOFT.COM Web Site and any discussion forums or interactive areas contained herein, including without limitation any actual or threatened suit, demand, or claim made against NUMB-SOFT.COM and/or its independent contractors, service providers, or consultants, arising out of or relating to your conduct, your violation of these terms and conditions, or your violation of the rights of any third party.%0D%0A%0D%0A14. Termination%0D%0A%0D%0ANotwithstanding any of these Site Terms, NUMB-SOFT.COM reserves the right, without notice and in its sole discretion, to terminate your license to use this Web Site, and to block or prevent future access to and use of this Web Site. These Site Terms may not be otherwise amended except in a written document signed by NUMB-SOFT.COM.%0D%0A%0D%0A15. Waiver; Severability; No Third Party Beneficiaries%0D%0A%0D%0ANo waiver by NUMB-SOFT.COM, whether express or implied, of any provision of these Site Terms shall constitute a continuing waiver of such provision or a waiver of any other provision of these Site Terms; nor shall NUMB-SOFT.COM be estopped from enforcing any provision of these Site Terms, except by written instrument executed by NUMB-SOFT.COM. If any provision of these terms and conditions shall be deemed unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from these terms and conditions and shall not affect the validity and enforceability of any remaining provisions. You agree that, except as may otherwise be expressly provided herein, there shall be no third party beneficiaries to these Site Terms.%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0ACopyright ⌐ 2006 NUMB-SOFT.COM, Inc. All rights reserved.%0D%0A
Description=NumbSoft installs malicious files into the system folde and disguises itself as "RUNDLL32.EXE" to run at system start. It eats up system resources and also downloads Smitfraud-C.
[Win32.Ager.D]
Product=Win32.Ager.D
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Ager.D copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[SmartShopper]
Product=SmartShopper
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SmartShopper installs to the system directory without user consent and contacts a dangerous website when surfing to any normal domain. Additionally popups come up when certain key words are typed.
[SpywareWizard]
Product=SpywareWizard
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareWizard is a trojan spread by a website offering a rogue antispyware solution. If the user tries to download the rogue antispyware solution it installs a trojan into the system directory of the operating system. Furthermore SpywareWizard tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[ContraVirus]
Product=ContraVirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ContraVirus claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence. Contra-Virus is in close relation with "Ad-Protect" and "SpyShield".
[BreakSpyware]
Product=BreakSpyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BreakSpyware claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence.
[SpyMarshal]
Product=SpyMarshal
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyMarshal claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a licence.
[Win32.Delf.acj]
Product=Win32.Delf.acj
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a DLL into the system folder without giving the user a possibility to cancel that process.
[GEZBill.Fake]
Product=GEZBill.Fake
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It is spread by email and looks like a very expensive GEZ bill delivered as pdf file. But it is an executable file. Once executed it connects without user consent to the internet and tries to download different files. It creates files and one copy of itself in the system directory. Some settings are added to the registry. Also downloads Cimuz, Smitfroad-C., TelekomBill.Fake
[Sogou]
Product=Sogou
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Software installs itself in background and adds itself as a browser helper object (BHO) to the Internet Explorer. Once the IE starts, the BHO connects to its website in background without any user consent. I appears to be able to deliver popupadvertising. It also tries to enable the IE as a server to receive commands over the internet.
[Rootkit.hearse]
Product=Rootkit.hearse
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Rootkit.hearse creates a service and a winlogon entry without user consent to be loaded on every windows start. It creates two files in the system directory which the user cannot see because they are hidden from the Windows API. If the internet connection is lost due to the infection.%0D%0AADDITIONAL REMOVAL INSTRUCTIONS: Please restart your computer in safe mode and run Spybot S&D again. Then allow Spybot to start on next boot and remove the last remains of Rootkit.hearse.
[WebDesk]
Product=WebDesk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan.
Privacy=
Description=This product is dropped by other malware or downloaded by an unsuspecting user when visiting malicious internet sites. This file copies a library into the windows system directory and creates a browser helper object. Also it is functioning as a trojan downloader.
[Win32.Agent.DSP]
Product=Win32.Agent.DSP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan.
Privacy=
Description=This product is dropped by other malware or downloaded by an unsuspecting user when visiting malicious internet sites. This file changes the firewall settings, copies a library into the windows system directory and creates a browser helper object. Also it is functioning as a trojan downloader.
[Win32.Delf.ago]
Product=Win32.Delf.ago
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.ago that disguises as "ntaskldr" to run at system start and eats up system resources.
[Cassava]
Product=Cassava
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Cassava installs executable files into your program files folder.%0D%0A Additionally Cassava offers Casino access.
[PornWebTV]
Product=PornWebTV
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Redirects your browser to a malicious porn site.
[Win32.Small.cyh]
Product=Win32.Small.cyh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs executables onto your system drive without user consent.
[KeyGenGuru]
Product=KeyGenGuru
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Connects in background to the internet and submits data about the computer. It reconfigures the Windows firewall to be allowed to pass it. The spyware deletes itself after doing its job.
[Win32.Agent.ECD]
Product=Win32.Agent.ECD
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be Windows System file svchost.exe
Privacy=
Description=This trojan horse is a fake svchost.exe, which has its files hidden and running in background without user consent. It appears to be affiliated with slimtoolbar. References point to Afghanistan and China.
[MalwareAlarm]
Product=MalwareAlarm
Company=Innovagest 2000 SL
Threat=Malware
CompanyURL=http://www.malwarealarm.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If MalwareAlarm is installed on the computer it will find a lot of malware (that does not really exist) which only can be removed by purchasing a licence. MalwareAlarm is in close relation to BravesEntry.
[MySpyProtector]
Product=MySpyProtector
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If MySpyProtector is installed on the computer it will find a lot of malware (that does not really exist) which only can be removed by purchasing a licence.
[PestCapture]
Product=PestCapture
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If PestCapture is installed on the computer it will find a lot of malware (that does not really exist) which only can be removed by purchasing a licence. MalwareAlarm is in close relation to BravesEntry and SpySheriff.
[SpyNoMore]
Product=SpyNoMore
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If SpyNoMore is installed on the computer it will find a lot of malware (that does not really exist) which only can be removed by purchasing a licence.
[SpyDefence]
Product=SpyDefence
Company=SpyDefence.com
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If SpyDefence is installed on the computer it will find a lot of malware (that does not really exist) which only can be removed by purchasing a licence.
[MrAntispy]
Product=MrAntispy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=If MrAntispy is installed on the computer it will find a lot of malware (that does not really exist) which only can be removed by purchasing a licence. MalwareAlarm is in close relation to BravesEntry and SpySheriff.
[Microsoft.Windows.Security.EnableDCOM]
Product=Microsoft.Windows.Security.EnableDCOM
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Support for network communication of software components, default value is "Y"
Privacy=
Description=When disabled (value is "N"), you could lose operating system functionality, for example remote administration functions may not work properly. (see http://support.microsoft.com/default.aspx?scid=kb;en-us;825750 for details )
[Win32.DNSChanger]
Product=Win32.DNSChanger
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan registers itself as "Windows Management Service" to gain access to the user's system without user consent. The name is used to hide from the user and to not be identified as a threat.
[Win32.Rbot]
Product=Win32.Rbot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file creates autorun entries to run at system startup without user notice. It changes security settings for remote clients and anonymous users. It allows itself to bypass the windows firewall and thus lowers the system security. The trojan searches the IE history in order to find information about the user.
[Downloader.ACF]
Product=Downloader.ACF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File runs in background. Downloader.ACF installs dll files into system folder without giving the user a possibility to cancel that process.
[NetUser32]
Product=NetUser32
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NetUser32 installs exe files into system folder without giving the user a possibility to cancel that process.%0D%0AIn body exe file is more bad links
[Win32.vb.gj]
Product=Win32.vb.gj
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.vb.gj installs exe files into Localsettings-folder without giving the user a possibility to cancel that process.%0D%0AAlso changed Start-Page in IE
[Win32.BHO.ag]
Product=Win32.BHO.ag
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.BHO.ag installs exe files into system folder without giving the user a possibility to cancel that process.%0D%0A
[BuilderX]
Product=BuilderX
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tries to block different antivirus vendor website via the hosts file. (e.g. kaspersky.com, symantec.com etc.)
[CEDPStealer]
Product=CEDPStealer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CEDPStealer disguises as "New.net Startup" to run at system start and eats up system resources.%0D%0AAlso downloads NewDotNet, Freeze, MarketScore, Win32.Rbot.gen, Win32.Agent.hl
[Darkonia]
Product=Darkonia
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be part of a game
Privacy=
Description=Supposed to be a part of game. Downloads and installs "Ardamax"-Keylogger
[DownloadMax]
Product=DownloadMax
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DownloadMax installs bat, exe-files into system folder without giving the user a possibility to cancel that process.%0D%0ARedirects IE to websites with pornographical content.
[Gunbound]
Product=Gunbound
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Gunbound creates a new directory "Gunbound" without giving the user a possibility to cancel that process.%0D%0A
[Luxar]
Product=Luxar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Luxar installs malicious executable and library files into the system folder. Redirects IE start page. Also loads Win32.Delf.JKH.
[Win32.Agent.azk]
Product=Win32.Agent.azk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.azk installs library and executable files into system folder, disguises as "CTDrive","DllRunning", "syswin" to run at system start and eats up system resources.%0D%0AAlso downloads KeyGenGuru, SearchToolbarCorp.ToolbarVision, Smitfraud-C., Smitfraud-C.Toolbar888%0D%0A
[Win32.Agent.b]
Product=Win32.Agent.b
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.b installs exe files into system folder, disguises as "dllhost" a to run at system start and eats up system resources.%0D%0A
[Win32.IRCBot.yh]
Product=Win32.IRCBot.yh
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.IRCBot.yh installs .dll and .exe files into system folder without giving the user a possibility to cancel that process.%0D%0A
[Win32.Svhost32]
Product=Win32.Svhost32
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Svhost32 installs executable and library files into the system folder, disguises as "xy" to run at system start and eats up system resources. %0D%0AAlso changes your hosts file.
[Win32.ZMist]
Product=Win32.ZMist
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.ZMist installs .ocx and .exe files into system folder. It disguises as "MSN Messenge" a to run at system start and eats up system resources.%0D%0A
[WinXPServicePackCrack]
Product=WinXPServicePackCrack
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.ZMist installs exe files into the System folder, disguises as "vturo", "wvuvwus" a to run at system start and eats up system resources. It also adds itself to the winlogon.%0D%0AAlso loads other trojans and malware VirtuMonde, Smitfraud-C.Toolbar888
[1und1_Haxdoor]
Product=1und1_Haxdoor
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a bill from the ISP 1&1
Privacy=
Description=This trojan horse connects to the internet in background and installs a haxdoor variant, which hides its files from the windows api and loads its files in winlogon. It also registers itself as a service.%0D%0A%0D%0AIt is required to run Spybot as a service with autoscan and autofix to remove this trojan horse. Multiple runs may be necessary.
[EGen]
Product=EGen
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware appears to be a tool to massively create files to avoid detection by security software.
[Redbind]
Product=Redbind
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Malwaretool to create trojan horses which run as services.
[Smitfraud-C.EbayBill]
Product=Smitfraud-C.EbayBill
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an Ebay bill that comes via email
Privacy=
Description=This trojan horse connects to the internet in background and downloads a win.exe . The trojan also installs a browser helper object for the Internet Explorer and deletes dlls from Firefox to cripple it. If the IE is used, the BHO will connect to the internet in background, posting data to a malicious website.
[Troj.Fakealert]
Product=Troj.Fakealert
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit uninstaller
Privacy=
Description=This trojan horse does not make any attempts to uninstall. It runs in background and out of user control.
[WebSearch.J]
Product=WebSearch.J
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the windows file svchost.exe
Privacy=
Description=This is a trojan horse that pretends to be a Windows system file.
[SysRegistry.RegistryCleaner]
Product=SysRegistry.RegistryCleaner
Company=Bulavich Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=RegistryCleaner
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program gets advertised through a fake windows message that looks like a dialog created by the windows security center. SysRegistry.RegistryCleaner claims to be a program that cleans up the harmed registry. A scan will find some high risk problems which can only be fixed by purchasing a licence.
[Win32.Agent.API_XP]
Product=Win32.Agent.API_XP
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=http://www.fastmp3search.com.ar
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It pretends a successfull installation for a plugin to hear MP3s. It creates files in the system directory and autorun entries which load these files on every windows start up. It tries to download files from www.fastmp3search.com.ar
[Zlob.VideoBox]
Product=Zlob.VideoBox
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This variant also changes the dhcp name server.
[Backdoor.Win32.MsnLog]
Product=Backdoor.Win32.MsnLog
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Monitors MSN Messenger without user consent. Uses different file names to hide.
[PCMM.Rbot]
Product=PCMM.Rbot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse works with other malware to compromise your computer┤s security. It tries to connect to the internet in background.
[Agent.SpamBot]
Product=Agent.SpamBot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Pretends to be an aspi related file.
Privacy=
Description=This trojan horse pretends to be an ASPI driver related file but it tries to connect to the internet in background.
[OSI.inc.Webbot]
Product=OSI.inc.Webbot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an invoice via email
Privacy=
Description=The link to cancel the order in the email is linked to an executable file. Also if activeX is allowed the Internet Explorer will directly connect to the internet in background . Once the exe is executed, additional instances of the IE are used in background to connect to various malicious websites, download additional executeables and run these. A service is being installed that shuts down security software and tools and prevents them from being started.%0D%0A
[Daugeru]
Product=Daugeru
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Daugeru copies itself into the system directory of your operating system and tries to connect to the internet. It redirects google.com to the local host and tries to hijack the users browser. Additionally the trojan displays a lot of unwanted porn advertisement to the user.
[Exolon]
Product=Exolon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File runs in background and downloads trojan "Batty"
[Banload.bui]
Product=Banload.bui
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in the background and downloads vhost.exe without user consent, which is supposed to appear like the legit svchost.exe.
[Win32.Zhelatin.k]
Product=Win32.Zhelatin.k
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads and installs executable files in the background. The trojan itself runs hidden from the user.
[Nurech]
Product=Nurech
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan connects to a server and tries to download further malware. It creates files in the windows and system directory and additionally autorun entries to be loaded on every windows start. Information about your system like hostname, ip, windows version and some kind of version number is stored in a text file. The files in the windows directory are hidden from the windows API, which means they are invisble for the user.%0D%0AADDITIONAL REMOVAL INSTRUCTION: Please reboot your PC in Safe Mode and perform another scan of Spybot - Search & Destroy to remove the remainings.
[Nurech.A]
Product=Nurech.A
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates a file in the directory where the file has been executed. This file installs a service with the name WINCOM32. In the system directory two files are created. The registry entries for the service and the files in the system directory are hidden from the windows API, which means they are invisble for the user.%0D%0AADDITIONAL REMOVAL INSTRUCTION: Please reboot your PC in Safe Mode and perform another scan of Spybot - Search & Destroy to remove the remainings.
[Dropper.Mondo]
Product=Dropper.Mondo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It drops malware in the system directory and executes it. Additionally it connects without user consent to servers on the internet and downloads further malware/adware files. Autorun entries are created so the malware is to be loaded on every windows startup.
[InetLoader]
Product=InetLoader
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=InetLoader copies malicious files into Windows folder and installs root classes without user consent
[Tibiabot]
Product=Tibiabot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tibiabot creates "c:\WINDOWS\Fonts\"-folder and copies itself into without giving the user a possibility to cancel that process.%0D%0A It runs its files in background and adds itself to autorun as "System Volume".
[Win32.Agent.yr]
Product=Win32.Agent.yr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.yr runs in the background and stores executable files in the Windows directory without user consent. %0D%0A
[Win32.Banbra.fu]
Product=Win32.Banbra.fu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs executable file into Windows folder.
[Win32.ProAgent.21]
Product=Win32.ProAgent.21
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.ProAgent.21 runs in the background and adds itself to the Windows autorun section as "qservices" to be loaded at every system start. It copies bad libraries and executable files into the Windows directory.%0D%0A
[MBS.Sexxxpassport]
Product=MBS.Sexxxpassport
Company=Micro Billing System /Unique Biling Systems Ltd
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Some billing authentificator
Privacy=
Description=Malware connects directly to a website with likely sexual content, it does not ask for user consent but opens the webpage directly and tries to download and install an ActiveX component.%0D%0AAlso the company name is inconsistent. Connected website will show up as a searchsite if connected to differently.
[MicroBillingSystem]
Product=MicroBillingSystem
Company=Micro Bill System /Unique Billing Systems Ltd
Functionality=supposed to be some authentication system
Privacy=[...]%0D%0A2. We disclose the information we collect, as described in Section B above, to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements. These companies are subject to confidentiality agreements with us and other legal restrictions that prohibit using the information except to market the specified MBS-related products or services, unless you have affirmatively agreed or given your prior permission for other uses.%0D%0A[...]%0D%0AWe use IP addresses, browser types and access times to analyse trends, administer the site, improve site performance and gather broad demographic information for aggregate use. %0D%0A[...]
Description=Connects in background to the internet and posts data without any user consent or display about that on screen. This malware also adds itself to the system directory and to the system start. The company name is also inconsistent. The uninstall function is missing. The MicroBillingSystem malware is capable of taking the computer hostage and impair usage of the computer.
[Win32.Delf.apv]
Product=Win32.Delf.apv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file moves itself into the system directory and renames itself with a random name. An autorun entry for this file is created so that the application is able to run without user notice after restarting the system. Also, a temporary file is created and deleted after use.
[Pinfi.Parite]
Company=
Product=Pinfi.Parite
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file is a trojan which saves a copy of an .exe file in the temp folder. The code is injected to every executable file on the user's system resulting in much less free disk space. The code of the file is executed every time a program is run. Also, an autorun entry is created for the downloaded file so that it is run on every system startup. If you find this file on your system, please use an online virusscanner in order to fully clean your system.
[CoolWWWSearch.Crypt]
Product=CoolWWWSearch.Crypt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This trojan horse pretends to be the Internet Explorer
Privacy=
Description=This trojan horse pretends to be the Internet Explorer. It installs itself to the system directory and adds itself to winlogon shell to get started at user logon. It also runs in background and can not be controlled by the user.
[Left.Mask]
Product=Left.Mask
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware installs a browser helper object. It installs and runs in background. It connects to the internet without user notice. It has no value to the user at all. It also cannot be configured although it can be uninstalled manually, but usually the user may not even be aware that this software is using up his bandwidth to transmit data to the internet.
[Locksky.NAG]
Product=Locksky.NAG
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Microsoft file for installing SQL catalogs
Privacy=
Description=There is no legit file, that also installs itself in Winlogon to get started at logon time.
[Morphine.HDR]
Product=Morphine.HDR
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be part of the hacker defender rootkit
Privacy=
Description=Referenced website does not appear to belong to the hacker defender rootkit. Thus this is a fake, giving false information.
[MyCPMAds]
Product=MyCPMAds
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware installs a browser helper object. It installs and runs in background. It connects to the internet without user notice. It has no value to the user at all. It also cannot be configured although it can be uninstalled manually, but usually the user may not even be aware that this software is using up his bandwidth to transmit data to the internet.
[Softomate.DeskbarAlert]
Product=Softomate.DeskbarAlert
Company=Softomate
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of toolbar
Privacy=
Description=Toolbar does not show anywhere in Internet Explorer or Explorer, but it attaches itself to both of them and connects to the internet in background, thus working without user consent, user control or any use to the user.
[IRCBot-TK]
Product=IRCBot-TK
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs a new directory (scif). There are four files installed into this directory of which two are legitimate Windows files. An autorun entry is created for svchost.exe in the scif directory so that the file is run on system startup. The trojan enables remote functions per IRC-Channel.
[RegSweep]
Product=RegSweep
Company=C-Netmedia
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegSweep claims to be a Registry Cleaner which does not detect any kind of real registry problems. RegSweep is in close relation to SpywareBOT and AdwareAlert.
[MacroVirus]
Product=MacroVirus
Company=C-NetMedia
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MacroVirus claims to be an antivirus solution which does not detect any kind of real viral infections. MacroVirus is in close relation to SpywareBOT, AdwareAlert and RegSweep.
[Win32.KeyLogger.fl]
Product=Win32.KeyLogger.fl
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.KeyLogger.fl often gets installed in a combination with several trojans. The Win32.KeyLogger.fl records all keystrokes and tries to send them via internet.
[Sera]
Product=Sera
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Sera runs in the background and copies malicious library files into the system directory without giving the user a possibility to cancel that process, disguises as "kernel32" to run at system start.
[Win32.Kapucen.b]
Product=Win32.Kapucen.b
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File runs in the background. Win32.Kapucen.b disguises itself as "WindowsServicesStartup" to run at system start without giving the user a possibility to cancel that process.
[Win32.VB.lh]
Product=Win32.VB.lh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.lh runs in the background and copies bad libraries and executables into the system directory.
[PWS.Small.bs]
Product=PWS.Small.bs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=After execution of e.g. 9129837.exe PWS.Small.bs installs a service (hide_evr2) and copies itself and the service file to the Windows directory. Additionally an autorun entry (ttool) is created which loads the 9129837.exe on every windows startup. The service affects that the two files and the autorun entry are hidden from the windows API, i.e. the user cannot see the files.%0D%0AIf you visit webpages with forms like ebay or online banking pages the filled-in information like userid and password/pin are sent to http://81.95.147.107/cgi-bin/****%0D%0AADDITIONAL REMOVAL INSTRUCTION: Please reboot your PC in Safe Mode and perform another scan of Spybot - Search & Destroy to remove the remainings.
[ZKeyLog]
Product=ZKeyLog
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=File runs in background without giving the user a possibility to cancel that process. ZKeyLog records keystrokes and tries to send them via internet.%0D%0A
[Win32.Nilage.abh]
Product=Win32.Nilage.abh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Windows Systemfile
Privacy=
Description=It copies itself to the system folder and pretends to be a Windows system file.
[Win32.Zhelatin.ah]
Product=Win32.Zhelatin.ah
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Zhelatin.ah copies itself to the system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user. Win32.Zhelatin.ah runs in the background.
[Actual Keylogger]
Product=Actual Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Actual Keylogger gets started at system startup and runs in a hidden mode. So the user is not able to recognize that all keystrokes are recorded.
[SpyDawn]
Product=SpyDawn
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. SpyDawn is in close relation to SpywareQuake.
[ActivityKeylogger]
Product=ActivityKeylogger
Company=Softcows dot com
Threat=Keylogger
CompanyURL=http://softcows.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Activity Keylogger tracks the user's surfing and working behaviour. The log file that is created does also contain a list of all running processes. Activity Keylogger creates Autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
Description=FamilyKeyloggerProDemo records all keystrokes without the user's awareness or consent about this. It tracks the user's surfing and working behaviour. This keylogger runs silently in the background of the operating system. FamilyKeyloggerProDemo records all keystrokes without user consent and thus makes it possible to spy on the user. It creates Autorun entries in the registry in order to be launched on each Windows startup.
[Win32.VB.po]
Product=Win32.VB.po
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file creates an autorun entry for itself so that it is run on system startup without user consent. It connects to a remote server via UDP, waiting for orders. It also looks for user's internet activities, i. e. connection and visited sites.
[Marketscore.RelevantKnowledge]
Product=RelevantKnowledge
Company=
Threat=Malware
CompanyURL=http://www.relevantknowledge.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Adware and survey tool.
Privacy=This application monitors your Internet usage by transmitting to our servers information about the web pages that you visit and the actions that you take while online.
Description=Spyware. Monitors data input (keyboard, mouse) and reports them to an unauthorized party via an internet connection. Displays various surveys in popup windows.
[Fake.IKEA-Bill]
Product=Fake.IKEA-Bill
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Pretends to be an Ikea bill send via email.
Privacy=
Description=Fake.IKEA-Bill copies executable files to the system folder. It runs its files in background and adds itself to system services as "iasx".
[Win32.Hupigon.edt]
Product=Win32.Hupigon.edt
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.edt copies executable files into the directory of the operating system without giving the user a possibility to cancel that process. It also installs itself as a service and tries to connect to the internet without user consent.
[Win32.Delf.zq]
Product=Win32.Delf.zq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.zq copies executable and batch files to the windows folder. It runs its files in background and tries to connect to the internet. It also registers itself as a fake service.exe in winlogon to get started at userlogon.
[Win32.Delf.cc]
Product=Win32.Delf.cc
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.cc copies executable files to the system folder. It runs its files in background and adds itself to autorun as "StartKey".
[Absolutee.Launcher]
Product=Absolutee.Launcher
Company=Absolutee Corp. ltd
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a normal website
Privacy=
Description=Tries to download, install and run a launcher.exe from embedded ActiveX without any user consent. Website offers money per infected system to webmasters who add their code on their websites.
[KBui32.SMTP]
Product=KBui32.SMTP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs itself in background and connects to the internet without user notice. It appears to be able to email itself or transmit data through the internet. It is also capable to bypass personal firewalls.
[SearchNineX]
Product=SearchNineX
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse installs itself in background, downloads, installs and runs additional files in the background and adds them to system start without user consent.
[Colorado.ClipboardAdmin]
Product=Colorado.ClipboardAdmin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Microsoft Clipboard Admin.
Privacy=
Description=This trojan horse starts the Internet Explorer in background and connects to various hosts without user consent. It also copies itself to the system directory and pretends to be a Microsoft file.
[NetSky.Q]
Product=NetSky.Q
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a document or other desired file
Privacy=
Description=This trojan horse pretends to be various desired files, it also installs a fake system start pretending to be Norton Antivirus. NetSky.Q connects to the internet in background, it appears to distribute itself via email and peer to peer networks.
[NetSky.R]
Product=NetSky.R
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This worm pretends to be a desired file and antivirus solution
Privacy=
Description=The worm infects all exe files on the computer, it also hooks up to the Explorer and adds a system start entry. It runs in background and distributes itself via email. We recommend to run a free online virus scanner to get all files repaired.
[EngergyFactor0190]
Product=EngergyFactor0190
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This illegal dialer tries to establish a modem connection in the background, it also uses the Internet Explorer in background and in foreground. It opens the Internet Explorer and advertises a website with enlargement for genitals.
[CtyBank.Sound]
Product=CtyBank.Sound
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=pretends to be a word document
Privacy=
Description=This trojan horse pretends to be a word document, it is hiding its exe suffix with a large number of space characters. It copies itself as sound.exe into the system , system32 and windows directory. It also registers a system start entry to load one of its copies. When loaded the trojan runs in background and waits to harm the computer.
[Realsearch.Forte]
Product=Realsearch.Forte
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse connects to the internet in the background, it also installs a service and registers itself for system start pretending to be some kind of session manager. It also shows error messages by its dialer component.%0D%0AThis trojan horse is also able to hijack and redirect the browser to a search or porn site.
[HPT.RSV]
Product=HPT.RSV
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be the HP Toolbox
Privacy=
Description=This trojan horse adds itself to the system start as HP Toolbox, it also connects to the internet in background and authorizes itself to bypass the Windows Firewall. Its filename is randomized to avoid detection.
[Ardamax.GWKeygen]
Product=Ardamax.GWKeygen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Ardamax creates a folder in the system directory and drops fake windows update files into it. It pretends to be a Guild Wars key generator.
[GraceCasino]
Product=GraceCasino
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GraceCasino displays pop up windows and creates new directories and installs a program without giving the user a possibility to cancel that process. GraceCasino also shows no information about its origin.
[WhenU.DAEMONTools.SearchBar]
Product=WhenU.DAEMONTools.SearchBar
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a search toolbar into the internet browser, installs additionally WhenU.Search.BrowserToolBar and WhenU.SaveNow. Helps promoting the fake antispyware solution SpywareBot.
[Win32.Agent.pz]
Product=Win32.Agent.pz
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.pz creates a directory named "wsnpoem" in the system folder. Furthermore it installs library files and runs in background.
[Win32.Virtumonde.ha]
Product=Win32.Virtumonde.ha
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.JKH copies itself into the system directory of the operating system. Loads alo Smitfraud-C.Toolbar888
[Win32.Agent.bca]
Product=Win32.Agent.bca
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bca installs executable und library files into system folder, disguises itself as "syswin" to run at system start and eats up system resources.%0D%0AAlso downloads Smitfraud-C., Smitfraud-C.Toolbar888, Win32.Agent.azk, YazzleSudoku, SearchToolbarCorp.ToolbarVision etc.
[ClickYesToEnter]
Product=ClickYesToEnter
Company=Click Yes To Enter Ltd
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This illegal dialer does not declare itself, it just runs in the background and tries to establish a modem connection.
[Banker.FAT]
Product=Banker.FAT
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an update.
Privacy=
Description=This trojan horse attaches itself as a browser helper object (BHO) to the Internet Explorer. It will steal the email adresses stored on the users computer and transmit them to its website. It will also steal the users email account information. The trojan horse also phishes for bank accounts/transfer data. It appears to be specialized on german, austrian an polish accounts.
[Cactus.D]
Product=Cactus.D
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a media file or related to the mediaplayer
Privacy=
Description=This trojan horse installs a corrupted mp3 file with a song from james blunt. Variants installs this corrupted mp3 in system start. There are also other executables being installed and run in background without user notice.
[CasinoRoyal.PT]
Product=CasinoRoyal.PT
Company=Intercontinental Online Gaming Ltd.
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=client for online casino
Privacy=
Description=Netinstaller is supposed to download and install the software. But even after 'completed' installation the software actually continues to download additional files for various online games. The total download size is about 125 MB.%0D%0AAlthough downloading from the casinoking servers is possible, actually using the software may not be possible.%0D%0AVendor promotes his software via spam. Registration for fun gaming requires the user to enter the phone number.
[Nurech.TServer]
Product=Nurech.TServer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a terminal server
Privacy=
Description=This trojan horse installs and runs itself in background. It registers itself in system start as terminal server, connects to the internet in background and listens for incoming commands.
[PPCHook]
Product=PPCHook
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs itself as a browser helper object (BHO), that does not appear to be of any use for the user. It references a bad search site that exploits the name of Google and only shows dubious search results, even those that have not been requested.
[ServU.H]
Product=ServU.H
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a hacked version of the commercial FTP software ServU. This version is used as a trojan horse and listens on TCP Port 43958 for incoming communications giving attackers remote access to the computer. It runs in background and is not configurable or controllable by the user.
[Zlob.DNSChanger]
Product=Zlob.DNSChanger
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a software to enable access to pornographical videos.
Privacy=
Description=This trojan horse changes the DNS settings, installs and runs a hidden exe file which is added to winlogon .
[KeyExplorer]
Product=KeyExplorer
Company=All-Spy.com
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KeyExplorer runs silently in the background of the operating system. It records all keystrokes without the user's awareness or consent about this. It tracks the user's surfing and working behaviour. KeyExplorer creates Autorun entries in the registry in order to be launched on each Windows startup.
[Win32.Agent.mu]
Product=Win32.Agent.mu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan drops code which is mostly found in the windows directory. Some of the samples have the ability to communicate with internet servers, to download malware and run other malicious code.
[Win32.Renos]
Product=Win32.Renos
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Renos drops a library and runs radomly. It connects to the internet and shows advertising from rogue security sites. Variants are known to download and install further malware.
[Zlob.VideoAccessActiveXObject]
Product=Zlob.VideoAccessActiveXObject
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Zlob.ImageActiveXObject]
Product=Zlob.ImageActiveXObject
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Zlob.AdultAccess]
Product=Zlob.AdultAccess
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Wootbot.gen]
Product=Wootbot.gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Disguises as Win32 FireWire Driver.
Privacy=
Description=The file copies itself into the system directory and creates a lot of autorun entries in order to be run without user consent. The file contains functions to look for passwords and logins or keys of gaming software. It is also capable of shutting down antivirus software in order to lower system security. It opens a connection to a remote server where the information can be sent or from where orders can be received.
[Win32.BHO.gen]
Product=Win32.BHO.gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file installs itself as a BHO and tries to connect to a remote website in order to load malware or create ad-popups.
[PAL-Spyware-Remover]
Product=PAL-Spyware-Remover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PAL-Spyware-Remover gets installed on the computer without user consent. When it is installed on the computer it will find a lot of malware (that does not really exist) and which can be removed by purchasing a licence only.
[AntiSpywareBOT]
Product=AntiSpywareBOT
Company=2Squared Software
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiSpywareBOT gets installed on the computer without user consent. When it is installed on the computer it will find some high risk malware (that does not really exist) and that only can be removed by purchasing a licence. AntiSpywareBOT is in close relation to SpywareBOT.
[E-Ventures N.V.FWNToolbar]
Product=E-Ventures N.V.FWNToolbar
Company=E-Ventures N.V.
Threat=Adware
CompanyURL=http://www.eventuresnv.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The toolbar is installed via a downloaded executable file with random name. It connects to findwhatevernow.com, a highly suspicious searchsite. Further, there are many popups displaying advertising messages and/or links to other sites displaying more ads.
[E-Ventures N.V.PCSkinsBrowser]
Product=E-Ventures N.V.PCSkinsBrowser
Company=E-Ventures N.V.
Threat=Malware
CompanyURL=http://www.eventuresnv.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=After installation, the program tries to connect to a remote server in order to pass information about the user and his/her system or to download more adware/spyware.
[Zlob.iCodec]
Product=Zlob.iCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.ZipCodec]
Product=Zlob.ZipCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.%0D%0ALoads also Vcodec, Vcodec.eMedia
[Guptachar]
Product=Guptachar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Guptachar installs executable files into windows directory, disguises itself as "GPTCR2" to run at system without giving the user a possibility to cancel that process.%0D%0A
[Win32.Delf.uc]
Product=Win32.Delf.uc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.uc installs library and data files into the system folder without giving the user a possibility to cancel that process. It also downloads Smitfraud-C., Smitfraud-C.Toolbar888, Tencent. Variants also add themselves to the winlogon to get started at every Windowsstart.
[Win32.Small.edd]
Product=Win32.Small.edd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.edd disables all Windows security settings like Windows firewall and Windows security center and firewall/antivirus/update notifications. Additionally it tries to download malicious files from the internet.
[Win32.Bagle.Rtk]
Product=Win32.Bagle.Rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once this rootkit is installed it disables and deletes firewalls and other antispyware products. Afterwards Win32.Bagle.Rtk copies itself to a folder hidden from the windows API (user interface). It runs a service which hides malware files from the user.%0D%0A
[Banload.bsr]
Product=Banload.bsr
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Banload.bsr copies its malicous exetutable files into the windows folder without giving the user a possibility to cancel that process.
[SpyCQ]
Product=SpyCQ
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=EULA (End-User License Agreement) - SpyCQ Licensing%0D%0A--------------------------------------------------------------------------------%0D%0AExcept where otherwise noted, all of the documentation and software included is copyrighted by hmemcpy. %0D%0ACopyright ⌐ 2004 by hmemcpy. All rights reserved. %0D%0A--------------------------------------------------------------------------------%0D%0A1. In order to use the software ("SpyCQ"), the user ("End-User") has to agree and comply with all the terms in this EULA document. Failure to do so revokes any rights to use the software by any means.%0D%0A2. This software is free for personal and non-profit use, and comes with no obligation for technical support whatsoever.%0D%0A3. The origin of this software shall not be misrepresented; you must not claim that you wrote this software.%0D%0A4. The user may not decompile, disassemble, debug, resource edit, or otherwise reduce the binary files to human-presumable code. You may not modify, adapt, translate, or create derivative works based upon this software.%0D%0A5. If you would like to distribute SpyCQ packaged within a product such as a book, magazine, etcetera, please e-mail the author at: hmemcpy@hmemcpy.com in order to obtain a mandatory written authorization.%0D%0A6. This software is provided "as-is", without any express or implied warranty. In no event shall the author be held liable for any damages arising from the use of this software.%0D%0ALast revised: 07/10/2004
Description=SpyCQ uses up all system resources.
[Win32.RAdmin]
Product=Win32.RAdmin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.RAdmin copies its malicious files to the system folder without giving the user a possibility to cancel that process.
[IMSurfSentinel]
Product=IMSurfSentinel
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IMSurfSentinel installs to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this. Additionally it tracks the user's surfing and working behaviour.
[ActualSpy]
Product=ActualSpy
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ActualSpy installs to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this. Additionally it tracks the user's surfing and working behaviour.
[Winsoftware.WinAntiVirusPro2007]
Product=Winsoftware.WinAntiVirusPro2007
Company=Winsoftware
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antivirus software
Privacy=
Description=This software is not officially announced on the vendors website like the previous versions, which were used for fraud. This version is promoted via software news sites and distributed over download services like rapidshare.%0D%0AIt appears to not run at all if not properly activated (by payment), in truth parts of it run in background all the time, even after uninstallation. During installation, runtime and uninstallation the software connects to various statistic servers posting data.
[Banker.PorSVC]
Product=Banker.PorSVC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit Microsoft file svchost
Privacy=
Description=This trojan horse runs in background pretending to be a file from Microsoft. It copies itself as system32.exe into the system directory and adds itself to the system start. It keeps running in background waiting for certain events to harm the user's computer.
[Banker.PorSMTP]
Product=Banker.PorSMTP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the Internet Explorer or screensaver
Privacy=
Description=This trojan horse pretends to be the Internet Explorer or screensaver , runs in background , connects to the internet via email ports and adds itself to the system start.
[Win32.Bagle.hl]
Product=Win32.Bagle.hl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader. Drops a library and a copy of itself to the system directory. It also creates system start entries. This trojan attempts to download files from a number of prespecified URLs and run them.
[Win32.Bagle.av]
Product=Win32.Bagle.av
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disables the regedit program and the windows security center, it copies itself to the system directory and creates system start entries. Also it denies users access to several security related URLs.
[EasyKeylogger]
Product=EasyKeylogger
Company=easykeylogger.com
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EasyKeylogger records all keystrokes without the user's awareness or consent about this. It captures the passwords behind the asterisks. EasyKeylogger is able to bypass the firewall program. It works in invisible mode.
[FreeKeylogger]
Product=FreeKeylogger
Company=easykeylogger.com
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FreeKeylogger records all keystrokes without the user's awareness or consent about this. It captures the passwords behind the asterisks. FreeKeylogger is able to bypass the firewall program. It works in invisible mode.
[WinSpy.SpySoftWareX]
Product=WinSpy.SpySoftWareX
Company=WinSpy
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinSpy.SpySoftWareX records all keystrokes without the user's awareness or consent about this. It tracks the user's surfing and working behaviour. It creates autorun entries in the registry in order to be launched on each Windows startup. WinSpy.SpySoftWareX collects also important system information.
[WebExplorer]
Product=WebExplorer
Company=All-Spy.com
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WebExplorer installs to the system directory and runs silently in the background. It records the user's surfing behaviour and visited websites without user consent and thus makes it possible to spy on the user.
[Win32.LowZones]
Product=Win32.LowZones
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file lowers the security settings for the internet by changing certain registry keys ("zones"). The zones restrict internet applications access to the user's system. The trojan horse tries to connect to a remote server. Please restore the zones settings manually by clicking "Internet Options" -> "Security" .
[Win32.Bagle.flc]
Product=Win32.Bagle
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader. This program copies itself to the system folder and creates a system start entry. It attempts to download files from a number of prespecified URLs and run them. This programm is able to deactivate antispyware products.
[Win32.Bagle.hld]
Product=Win32.Bagle.hld
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader. This program copies itself to the system folder and creates system start entry. It attempts to download files from a number of prespecified URLs to a directory created in the windows directory. This program is able to block antispyware servers to prevent further updates.
[AllInOneKeylogger]
Product=AllInOneKeylogger
Company=relytec.com
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AllInOneKeylogger installs to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this. It tracks the user's surfing and working behaviour. It creates Autorun entries in the registry in order to be launched on each Windows startup. AllInOneKeylogger is also able to prevent anti-spyware, anti-virus etc. tools from working.
[SpyLocked]
Product=SpyLocked
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. SpyLocked is in close relation to SpywareQuake and is advertised by fake Windows messages.
[A-Spy 2.11]
Product=A-Spy 2.11
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A-Spy records all keystrokes without the user's awareness or consent about this. Additionally it tracks the user's surfing and working behaviour.
[Palsol]
Product=Palsol
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This keylogger installs to the system directory and runs silently in the background. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[CyberSpy]
Product=CyberSpy
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CyberSpy records all keystrokes without the user's awareness or consent about this. Additionally it tracks the user's surfing and working behaviour.
[Win32.Small.cnd]
Product=Win32.Small.cnd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.cnd copies itself into the system directory of the operating system, runs in the background and tries to connect to the internet without giving the user a possibility to cancel it.
[AYOSpy]
Product=AYOSpy
Company=AYO Soft
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AYOSpy captures passwords from mail and messenger clients and sends it threw the internet. Additionally all keystrokes, visited URLs, IP Address, OS & Browser get captured.
[Banker.AHY]
Product=Banker.AHY
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This Trojan installs itself without user consent and starts itself at system start. Its malicious files are named so that they can be confused with legit Windows files.
[Zlob.MovieCommander]
Product=Zlob.MovieCommander
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[WideStep]
Product=WideStep
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=records all keystrokes.
Privacy=
Description=WideStep gets installed to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this.
[Free-Key-Logger]
Product=Free-Key-Logger
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Free-Key-Logger installs into the system directory of your operating system and tries to record all keystrokes made by the user. In our tests it totally crashed the windows installation.
[Win32.Agent.ahd]
Product=Win32.Agent.ahd
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ahd copies itself into the root directory of the operating system and tries to connect to the internet without the user's awareness.
[Win32.Optix.b]
Product=Win32.Optix.b
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Optix.b copies itself into the windows directory of the operating system and adds itself to system start. It tries to connect to the internet and waits for new orders to harm the operating system.
[Zango.AntiSpamBar]
Product=Zango.AntiSpamBar
Company=Zango
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispam toolbar for outlook, it is either adsupported or can be purchased
Privacy=
Description=Installation is not abortable after the user has the chance to clearly see what is going to get installed. Thus the software installs a lot more than the user has originally wanted. Includes parts of Hotbar and Zango.%0D%0AAlso installs Outlook Redemption that has the ability to bypass limitations imposed by securtity patches.
[Zango.Seekmo]
Product=Zango.Seekmo
Company=Zango
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Seekmo Toolbar and Search Assistant deliver contextual advertising.
Privacy=
Description=Seekmo Toolbar and Search Assistant are almost identical to Zango Toolbar and Search Assistant. It also gets installed to provide access to media in exchange for contextual advertising. Media is not always exclusively provided by Zango, thus there may be no need to install the software since the content can be acquired elsewhere. Installation messages shown by Zango/Seekmo can be misinterpreted. Distribution of Seekmo is also questionable , there appear to be suspicious affiliates/distributors.
[Zlob.MovieBox]
Product=Zlob.MovieBox
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.PrivateVideo]
Product=Zlob.PrivateVideo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This variant also changes the dhcp name server.
[3BSoftware.RegistryRepair]
Product=3BSoftware.RegistryRepair
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a tool for repairing the windows registry
Privacy=
Description=The demo version of RegistryRepair installs a desktop link to Smiley Central without user consent. If the user rejects to buy the full version on the linked website, he gets bothered by a supposed to be live chat and warning messages.
[Zlob.NewMediaCodec]
Product=Zlob.NewMediaCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of media codec
Privacy=
Description=Installs and runs files that are supposed to look like legit Windows files in background. It also does not show any EULA and connects to the internet in background. This trojan horse is able to download additional malicious code from the internet.
[Bluettooth]
Product=Bluettooth
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Bluettooth copies executable and library files to the system folder. It runs its files in background and adds itself to autorun as "bluettooth" without user consent.
[Kalmarte]
Product=Kalmarte
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Kalmarte copies executable files into the system folders. It runs its files in background and adds itself to autorun as "vssms32" without user consent.
[SC-KeyLog]
Product=SC-KeyLog
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SC-Keylog is recording every kind of keystrokes without the agreement of the user.
[Win32.MicroJoiner]
Product=Win32.MicroJoiner
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.MicroJoiner copies files into the system folder without giving the user a possibility to cancel that process. Also loads SC-KeyLog.
[Win32.SdBot.yx]
Product=Win32.SdBot.yx
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.yx copies executable files into the system and Windows folders. It runs its files in background and adds itself to autorun as "services", "LsassXP"
[PC-Spy-Monitor 2007]
Product=PC-Spy-Monitor 2007
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PC-Spy-Monitor 2007 records all keystrokes without the user's awareness or consent about this. Additionally it records screenshots of every window the user opens and tracks sessions of instant messengers. Pc-Spy-Monitor 2007 creates an Autorun entry in order to be launched on each Windows startup and is able to send the tracked information by email to the person that wants to spy out the computer.
[Win32.VB.ahq]
Product=Win32.VB.ahq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.ahq copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. The malicious files of Win32.VB.ahq are named similar to real existing Windows files.
[SpySoap]
Product=SpySoap
Company=spysoap.com
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a free anti-spyware scan and removal tool
Privacy=
Description=SpySoap claims to be a free anti-spyware scan and removal tool but when you want to remove found threats you have to register and purchase it. No imprint information on the website or within the program.
[Agobot.Backdoor]
Product=Agobot.Backdoor
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file moves itself into the system directory and creates an autorun entry. It shuts down several antivirus software making the system vulnerable for further attacks. The trojan can also communicate via IRC.
[Win32.OnLineGames]
Product=Win32.OnLineGames
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file moves itself into the Windows directory. It drops a .dll file with the same name which is injected into every process started after running the trojan. As the name suggests, the trojan tries to steal passwords for online games.
[Weatherstudio.Toolbar]
Product=Weatherstudio.Toolbar
Company=Weatherstudio
Threat=Adware
CompanyURL=weatherstudio.com
CompanyProductURL=weatherstudio.com
CompanyPrivacyURL=weatherstudio.com
Functionality=Display weather for a location predefined by the user.
Privacy=[...] We need to collect some data to know how many users we have, how our products are performing and where our business going. We do not exploit our users nor do we collect any data that allows us or anyone else to personally identify a user. We do not send or collect any information that can personally identify a user.%0D%0AWe do collect information that is already available to every website you visit. Examples include browser version, language and other browser and connection information.%0D%0AWe use a unique id in order to know how many people use our products. This id is not personally identifying in any way; it is a completely random number.%0D%0AWe do send a log once per day that tells us how many users are installed.%0D%0AWe do collect data at our search and travel sites. This is needed to monitor our business performance. This data does not contain any personally identifying information.%0D%0AWe do not and will not sell or distribute any data collected from the user. %0D%0AWe do share aggregated information with others. Examples of this include how many users clicked on a particular paid listing in a search result.%0D%0AWe do take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data.[...] %0D%0A%0D%0A
Description=Weatherstudio installs a toolbar for the IE including links to dating sites and ringtone sites. The application may display alternate search results and ads. There is no EULA shown during installation, however the terms of use and privacy policy can be viewed on weatherstudio.com. When uninstalled, some registry entries and application folders remain. To the quote from the privacy policy: the kind of data collected is a unique ID
[Win32.Agent.jb]
Product=Win32.Agent.jb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself into the system directory. It creates an autorun entry to run at system startup in background. The file connects via Internet Explorer (hidden!) to several websites and creates cookies. If the user looks up the sites visited, a DriveCleaner ad is displayed.
[CyberBill]
Product=CyberBill
Company=CyberBill Inc.
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CyberBill dials up a toll number without giving any information about the costs.
[GuardianMonitor]
Product=GuardianMonitor
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GuardianMonitor installs to the system directory and runs silently in the background. It records all keystrokes and the user's surfing and working behaviour. Additionally it is possible to send all data to a configured email address without user's awareness.
[BossEveryware]
Product=BossEveryware
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BossEveryware installs to the system directory and runs silently in the background. It records all keystrokes and the user's surfing and working behaviour. Additionally it is possible to send all data to a configured email address without user's awareness.
[HandyKeylogger]
Product=HandyKeylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=HandyKeylogger installs to the system directory and runs silently in the background. It records all keystrokes and the user's surfing and working behaviour. Additionally it has the ability to send all data to a configured email address without user's awareness.
[Stration.ICQ]
Product=Stration.ICQ
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Stration is a kind of malware spread on icq. It copies malicious files into the system directory and tries to connect to the internet without user's knowledge. When it is connected to the internet it waits for new orders to harm the computer.
[Win32.Rbot.aeu]
Product=Win32.Rbot.aeu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan is a backdoor program. It installs itself in the registry, creates autorun entries and allows others to access the computer.
[Win32.Rbot.bms]
Product=Win32.Rbot.bms
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan is a backdoor program. It installs itself in the registry, deactivates firewalls and security settings, kills running antivirus software, modifies the host list, to prevent further antivirus updates. It creates autorun entries and allows others to access the computer. This program starts the Microsoft Messenger software in the background, it also creates multiple copies of itself within the Windows system directory.
[Smitfraud-C.Toolbar]
Product=Smitfraud-C.Toolbar
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a security toolbar
Privacy=
Description=This trojan horse disguises itself as a security toolbar but is in truth related to the Smitfraud-C. malware family. It opens the IE in background without user consent and advertises other fake security solutions.
[Smitfraud-C.KooWo]
Product=Smitfraud-C.KooWo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of toolbar
Privacy=
Description=Trojan horse runs in background and connects to the internet and downloads additional executables without user consent. It installs its files and services with variable names to avoid detection and removal. It also hijacks the browser homepage to a chinese searchsite. If you encounter this product please contact Team Spybot via email or forums to get help with removal.
[Opnis.Nak]
Product=Opnis.Nak
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit file
Privacy=
Description=This trojan horse runs in background and tries to establish a terminal server session without the users' consent thus making the computer vulnerable.
[Win32.Small.r]
Product=Win32.Small.r
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.r copies executable files to the windows folder. It runs its files in background mode without giving the user a possibility to cancel that process.
[Win32.Maran.db]
Product=Win32.Maran.db
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Maran.db copies executable files to the windows folder. It runs its files in background mode without giving the user a possibility to cancel that process.%0D%0AAlso loads Maran.J
[Hupigon13]
Product=Hupigon13
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hupigon13 copies executable and libraries files to the windows and root folders. It disguises itself as "kauupl" to run at system start, runs its files in background mode without giving the user a possibility to cancel that process.%0D%0AAlso switches some programs like nod32.exe or regedit.exe in debug mode, saves internal information and starts itself using an autorun.inf file located on your system hard disk.
[2020Search]
Product=2020Search
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program secretly installs a BHO and a toolbar. There are also some registry entries made.
[VX2.h.ABetterInternet]
Product=VX2.h.ABetterInternet
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A BHO is installed without user consent to find out about the user's interests while he/she is surfing. An autorun entry is created in order to run spyware files at system startup. The files are running in background.
[SecondThought.STCLoader]
Company=
Product=SecondThought.STCLoader
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This spyware runs in background without user consent and tries to collect personal information about the user.
[AdSpy.TTC]
Product=AdSpy.TTC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of browser helper object
Privacy=
Description=This trojan horse gets installed by other trojan horses. It pretends to be some kind of browser helper object while running in background and connecting to various malicious servers without user consent.
[DELF.Sysmd]
Product=DELF.Sysmd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse gets installed by other trojan horses. It runs in background and connects to the internet and downloads more trojan files.
[SysOfferMgr]
Product=SysOfferMgr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of browser helper object
Privacy=
Description=This trojan horse gets installed by other trojan horses. It pretends to be some kind of Browser Helper Object while running in background and connecting to various malicious server without user consent.It adds itself as a browser helper object to the Internet Explorer and runs in background when the IE is being used.
[Smitfraud-C.CoreService]
Product=Smitfraud-C.CoreService
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be some kind of driver
Privacy=
Description=This trojan horse gets installed as a driver and constantly runs in background and connects to malicious servers without any user consent. Removal may require to manually close the file handles of the core.cahce.dsk and core.sys residing in the folder \windows\system32\drivers\. To receive help on this please contact Team Spybot S&D via forums or email.
[WebBuyingAssistant]
Product=WebBuyingAssistant
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of assistant for webrelated advertising
Privacy=
Description=WebBuyingAssistant can be installed and executed without user consent, it can install itself in background with the help of a trojan horse. It has no uninstall entry and connects to its servers wihtout user consent while the Internet Explorer runs.
[ZQest.K8L]
Product=ZQest.K8L
Company=K8L MediaServers Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse gets downloaded and run by other trojan horses. It runs in background and connects to various advertising servers without user consent. It also executes its malicious files in background and hides its presence.%0D%0AIt is using the Windows Explorer to connect to the internet.
[ZenoSearch.Q]
Product=ZenoSearch.Q
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of legitimate software
Privacy=
Description=This trojan horse gets installed by other trojan horses and connects to the internet in background. It also poses as a Windows security update.
[Fake.AviraBill]
Product=Fake.AviraBill
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.AviraBill is spread by an email that pretends to come from Avira Antivir. If the user opens the attached file the spyware copies to the system drive, collects personal information like email adress and passwords and sends them to a server in the internet. If you are infected with these kind of spyware make sure you change all your passwords you are using for email accounts on your system.
[ICQ-SpyMonitor]
Product=ICQ-SpyMonitor
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ICQ-SpyMonitor installs to the system directory and runs silently in the background. It records all keystrokes made by icq. Additionally it has the ability to send all data to a configured email address without user's awareness.
[FreeKeylogger.CN.a]
Product=FreeKeylogger.CN.a
Company=Free-Keylogger.com
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FreeKeylogger.CN.a installs to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this. It creates autorun entries in the registry in order to be launched on each Windows startup.
[PaqTool]
Product=PaqTool
Company=paqtool.com
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EasyKeylogger records all keystrokes without the user's awareness or consent about this. It captures the passwords behind the asterisks. EasyKeylogger is able to bypass the firewall program. It works in invisible mode. It does not give a license agreement.
[Tasker]
Product=Tasker
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to create macros for applications management
Privacy=
Description=Tasker downloads also Win.Delf.zq without giving the user a possibility to cancel that process.
[EnterCasino]
Product=EnterCasino
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Netinstaller is supposed to download and install the software. But even after 'completed' installation the software actually continues to download additional files for various online games. %0D%0AAlthough downloading from the EnterCasino servers is possible, actually using the software is not possible.%0D%0A
[IRC.Sdbot]
Product=IRC.Sdbot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IRC.Sdbot copies itself into the system directory of the operating system, tries to connect to the internet and adds itself to autorun as "Local Security Authority Service" without user consent.
[Win32.Delf.amh]
Product=Win32.Delf.amh
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It creates many files in the system and windows folders with names similar to valid windows files without giving the user a possibility to cancel that process.
[Win32.Agent.aeu]
Product=Win32.Agent.aeu
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aeu copies executable files to the system folder without giving the user a possibility to cancel that process.
[Win32.VB.zf]
Product=Win32.VB.zf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.zf copies executable files to the system folder without giving the user a possibility to cancel that process.
[Win32.VanBot.ax]
Product=Win32.VanBot.ax
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VanBot.ax copies executable files into the system folder without giving the user a possibility to cancel that process.
[Win32.Warezov.fb]
Product=Win32.Warezov.fb
Company=
Threat=Malwazre
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Warezov.fb copies executable files into the system folder without giving the user a possibility to cancel that process.
[SmartKeystrokeRecorder]
Product=SmartKeystrokeRecorder
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SmartKeystrokeRecorder installs to the program files directory and runs silently in the background. It records all keystrokes and the user's surfing and working behaviour. Additionally it is possible to track conversations made by instant messengers.
[BAT.KillAV]
Product=BAT.KillAV
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BAT.KillAV is a simple trojan. It is just a batch file which once executed ends processes of different security tools. It tries to establish a ftp connection to a server in the internet.
[BlackCore]
Product=BlackCore
Company=Kill Home Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BlackCore is a backdoor trojan that can be controlled by a remote attacker. It is able to take over control of system critical functions. BlackCore also copies itself to your system directory and tries to connect to the internet. When connected to a server it will open a browser window and display an advertising website.
[LocalKeyloggerPro]
Product=LocalKeyloggerPro
Company=YL Computing
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LocalKeyloggerPro installs to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this. For instance it makes screen shots every few time units. All data will be saved in its program directory and/or will be sent via the internet. It creates Autorun entries in the registry in order to be launched on each Windows startup. LocalKeyloggerPro is able to block applications, also anti spyware applications! There is no real privacy policy given on the product.
[Zlob.VideoAXObject]
Product=Zlob.VideoAXObject
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Inside Keylogger]
Product=Inside Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Inside Keylogger tracks all keystrokes without the user's awareness or consent about this. It runs silently in the background and makes screen shots of every application or website the user is using.
[KeyloggerExpress]
Product=KeyloggerExpress
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KeyloggerExpress records all keystrokes without user consent and thus makes it possible to spy on the user's surfing and working behaviour
[Win32.Obfuscated.gs]
Product=Win32.Obfuscated.gs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Obfuscated.gs copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Agent.ahk]
Product=Win32.Agent.ahk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ahk runs in the background and copies bad libraries and executable files into the system directory. Also loads Smitfraud-C.
[Banker.abj]
Product=Banker.abj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legit files from Winrar, MSN or Internet Explorer
Privacy=
Description=Banker.abj runs in background, copies executable files into the windows directory and also registers itself as "taskngr" in system start. It runs in background and connects via smtp to a fixed IP address.
[Banker.ceu]
Product=Banker.ceu
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Banker.ceu copies an executable file as services.exe into the windows folder without giving the user a possibility to cancel that process. It runs in background and connects via smtp to a fixed IP address.
[Banload.bjh]
Product=Banload.bjh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a screensaver or legit software.
Privacy=
Description=Banload.bjh copies an html file as a bat file into the system directory without giving the user a possibility to cancel that process. It also opens a spanish website. The trojan horse pretends to be a screen saver or legit software like Windows Publisher.
[Win32.Dadobra.ky]
Product=Win32.Dadobra.ky
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Pretends to be Microsoft files
Privacy=
Description=Win32.Dadobra.ky runs in the background, copies executable files into the system directory and also registers itself as "system32" in system start. It starts the Internet Explorer and opens a brasilian website. It runs in background and connects via smtp to a fixed IP address.
[Win32.Delf.ww]
Product=Win32.Delf.ww
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Cartao disguises as "MsnMsgr" to run at system start without giving the user a possibility to cancel that process.
[Win32.StartPage.ama]
Product=Win32.StartPage.ama
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.StartPage.ama copies an executable file disguised as svchost.exe into the windows folder without user consent. It also changes the startpage of the Internet Explorer.
[AdminSystem.AOSMTP]
Product=AdminSystem.AOSMTP
Company=AdminSystem Software Limited
Threat=PUPS
CompanyURL=http://www.emailarchitect.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Email software for smtp.
Privacy=
Description=This software is not harmful when installed properly. Unfortunately it can be installed in background and used by trojan horses such as Banload.ScrTasklist and other trojan horses. It will then send emails to malicious adresses.If you installed AdminSystem Software by yourself, it is safe to keep but if you did not install it probably got installed by trojan horses.
[Banker.CN]
Product=Banker.CN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a screen saver
Privacy=
Description=This trojan horse connects to the internet in background and downloads a system32.scr. It also registers itself as JVM0.exe in system start.
[Banload.ScrTaskList]
Product=Banload.ScrTaskList
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a screensaver or picture
Privacy=
Description=This trojan horse pretends to be a picture or a screensaver. When executed it runs in background, connects to malicious websites in background and downloads a tasklist32.exe disguised as a picture. This Tasklist32.exe is added twice to system start, it also uses AdminSystem.AOSMTP as smtp engine to connect via smtp port 25 to the internet.
[Banload.Terra.Scr]
Product=Banload.Terra.Scr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a screensaver
Privacy=
Description=The trojan horse pretends to be a screensaver. Once executed it runs in background, connects to the internet, tries to download other trojan files, connects via smtp or opens the Internet Explorer with a brasilian search site.
[Banload.WLS]
Product=Banload.WLS
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a WindowsLiveSecurity file
Privacy=
Description=This trojan horse pretends to belong to Windows Security. It can also appear as a screensaver. It adds itself to the systemstart and runs in background, listens to incoming UDP connections and opens the IE and redirects it to a spanish website.
[Win32.Delf.awi]
Product=Win32.Delf.awi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a webpage or other harmless file
Privacy=
Description=This trojan horse pretends to be an html or other harmless file. When executed it runs in background and tries to download another executable from a chinese domain. It also connects directly to an chinese IP address.
[Win32.Delf.nz]
Product=Win32.Delf.nz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be 7zip file
Privacy=
Description=This trojan horse disguises itself as a 7zip file, it runs in background and tries to download an alien.exe.
[Win32.Agent.avq]
Product=Win32.Agent.avq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.avq copies its trojan executable and library files into system directories and tries to connect to the internet in background.
[Netbus]
Product=Netbus
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Netbus enables complete remote control, such as access to applications, desktop settings, fileaccess etc. Might be used to control remote your PC without your consent.
[22ndStreetComputers.PS3_fraud]
Product=22ndStreetComputers.PS3_fraud
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Supposed to be a manual to get a PS 3. Instead the exe file displays advertising and tries to connect to the internet in background. The exe has been manipulated to look like it came from an ebook store .
[IRC-Bot.troyan]
Product=IRC-Bot.troyan
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IRC-Bot.troyan installs executable files into the system folder. It disguises itself as "avast" to run at system start and it connects in background to an IRC Server. The name is not a typo, it is meant to be this way as it can be found within the file itself. ;-)
[Realplay.Keylogger]
Product=Realplay.Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Realplay installs its files into "system" and "program files\realplay" folder. It saves information about all keystrokes in a log file and tries to connect to the internet in background with multiple instances of your default internet browser.
[Win32.Delf.zw]
Product=Win32.Delf.zw
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.zw copies an executable file into system directory without giving the user a possibility to cancel that process. It tries to look like a windows system file (e.g. ctfmon.exe).
[Win32.Small.ege]
Product=Win32.Small.ege
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.ege copies executable and library files into the "Windows" and the "system" directory and tries to connect to the internet in background.
[Win32.Small.is]
Product=Win32.Small.is
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.is starts the default internet browser and opens websites containing cheats and cracks. It hides an executable file in the temp folder.
[WinREG.LowZones]
Product=WinREG.LowZones
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinREG.LowZones installs html files into the windows folder, it disguises itself as "SYSTRAY" in system start. The html file claims to connect to msn.com or yahoo.com but runs a Javascript and connects to malicious websites. This page redirects the user to www.msn.com after a shot pause. It adds to the feeling that it is actually updating msn. In the background the internet zones get changed to give malicious websites better access to your computer.
[AntiSpyWare2007]
Product=AntiSpyWare2007
Company=AntiSpyware LLC /AntiSpyware Inc.
Threat=Malware
CompanyURL=http://www.anitspyware.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a proper antispyware software
Privacy=
Description=AntiSpyware2007 pretends to be a legit antispyware tool. The website is made to look a lot like a Microsoft website while the registrant is hidden via "domains by proxy". Usually fake or rogue antispyware vendors try to hide themselves via "domains by proxy" or similar services. The Website does imply that AntiSpyware 2007 is freeware, but it is not. After a successfull scan the user is prompted to pay for the software to make removal of found items possible, even if only cookies were found. The detection database is downloaded from a 2squared website, which does not appear to have any official relation to AntiSpyware2007. AntiSpyware2007 pretends that their affiliate program prohibits deception but the website templates provided are made to look very similar to the websites of established antispyware vendors.
[DeepScan.Zet]
Product=DeepScan.Zet
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an erotic video screensaver
Privacy=
Description=This trojan horse pretends to be an erotic video screensaver. To hide its malware intentions it starts the Deskmate Tahni installer. In background it compromises the Windows Firewall, puts various exe files with random names into c:\ and executes them. It connects to the internet in background and slows down the computer while showing a command console for each of the randomly named exe files.
[Bifrost]
Product=Bifrost
Company=evileyesoftware.com
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Bifrost v 1.1 is a RAT (Remote Administration Tool) that allows its (remote) controller to take control over the infected system. It copies itself to your system directory and tries to connect to the internet in order to await orders from the attacker.
[KingHomeLogger]
Product=KingHomeLogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KingHomeLogger runs silently in the background of the operating system and tracks all keystrokes made by the user. So it is possible to spy on the user's surfing and working behaviour.
[Keylogger-Pro]
Product=Keylogger-Pro
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Keylogger-Pro runs silently in the background of the operating system and tracks all keystrokes made by the user. So it is possible to spy on the user's surfing and working behaviour.
[QQ-Pass]
Product=QQ-Pass
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The application creates registry entries and tries to inject a system file into processes related to QQ. It tries to steal user information, especially passwords for QQ.
[Worldsecurityonline.FakeAlert]
Product=Worldsecurityonline.FakeAlert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Worldsecurityonline.FakeAlert shows fake messages that look like security updates from Microsoft. If the user clicks on one of these messages the computer starts to download AntiverminsPro or other various rouge antispyware tools.
[SC KeyLog Pro]
Product=SC KeyLog Pro
Company=Soft-Central
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SC Keylog Pro is recording every kind of keystrokes without the agreement of the user. Autorun entries are created to load the keylogger on every windowsstart.
[Win32.Small.cyn]
Product=Win32.Small.cyn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.cyn drops a file in the system directory, copies itself in the temp folder and creates a system start entry (AppInit_DLLs) in the registry. It tries to download files from the internet.
[Win32.Kardphisher]
Product=Win32.Kardphisher
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Kardphisher pretends to be Microsoft activation form to check if the Windows version you use is no pirated version. It forces the user to enter creditcard number and pin. If you close the activation form without filling the card information the computer will be restarted. It creates an autorun entry to be loaded on every windows startup. ADDITIONAL REMOVING INSTRUCTIONS: Please restart your computer in safe mode and run Spybot Search & Destroy.
[Win32.Small.afk]
Product=Win32.Small.afk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.afk copies executable files into system directory without giving the user a possibility to cancel that process.
[AdobeR.PassGenerator]
Product=AdobeR.PassGenerator
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdobeR.PassGenerator installs itself into system directory and starts itself in autorun as "Microsoft". The file itself contains typical passwords, propably to gain access to some databases.
[TreloScript.HackTools]
Product=TreloScript.HackTools
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs hacker tools on an infected PC.
[WinIogon.Keylogger]
Product=WinIogon.Keylogger
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinIogon.Keylogger installs into windows directory and starts in autorun as "Windows Logon Application". It records all keystrokes without the user's awareness or consent about this.%0D%0AAlso disables start "cmd.exe" and changes shell settings in the registry ("Explorer.exe" to "WinIogon.exe")%0D%0AMakes changes to Windows security center.
[BioNet]
Product=BioNet
Company=Cyberium
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BioNet is a RAT (Remote Administration Tool) that allows its (remote) attacker to take control over the infected system bypassing the firewall. When the computer is connected to the internet the trojan tries to connect to a server in order to await orders from the attacker.
[BladeRunner]
Product=BladeRunner
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BladeRunner is a RAT (Remote Administration Tool) that allows its (remote) attacker to take control over the infected system. When the computer is connected to the internet the trojan tries to connect to a server in order to await orders from the attacker.
[CWS.Svhost]
Product=CWS.Svhost
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the legit svchost.exe
Privacy=
Description=This trojan horse pretends to be the legit svchost.exe. It adds itself to system start and runs in background. It connects to various malicious websites in background.
[FakeMSFirewallUpdate]
Product=FakeMSFirewallUpdate
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an update for the Windows Firewall
Privacy=
Description=This trojan horse pretends to be an update for the Windows Firewall. It runs in background, hides the winlogon.exe from the Windows API with rootkit functions, downloads itself from a russian website and changes the Internet Explorer settings. Thus compromises the system stability and security.
[LDPinch.csrss]
Product=LDPinch.csrss
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be some kind of update and legit service
Privacy=
Description=This trojan horse installs itself as a service, runs in background as csrss.exe, hooks itself up to the svchost.exe and downloads additional files from the internet. It logs keystrokes associates with files and programs in a text file with the fixed name 643642kl.txt located in the Windows directory. The trojan horse also causes a Dos attack with multiple requests over ports 110 , 80 and 53. It also listens to incoming UDP connections.
[Nurech.BG]
Product=Nurech.BG
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an email with information in a Word document.
Privacy=
Description=This trojan horse pretends to be a Word document with information about the user being accused for filesharing. Once the file is being executed , it connects to the internet in background, downloads other trojan horses and sends information about the user to a malicious website when the user opens the Internet Explorer. Additionally the Firefox gets sabotaged and the Internet Explorer gets authorized for the Windows Firewall.
[MalwareBot]
Product=MalwareBot
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareBot claims to be a solution against all kinds of malware. When the user starts a scan, it finds some harmless cookies as high risk problems. MalwareBot is the same malicious program as SpywareBOT.
[ExpertAntivirus]
Product=ExpertAntivirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ExpertAntivirus claims to be a solution against all kinds of malware and spyware. When the user starts a scan, it finds some harmless files and registry entries as high risk problems and if the user wants to solve these false positives detected by ExpertAntivirus he has to purchase a licence.
[SpyVampire]
Product=SpyVampire
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyVampire claims to be a solution against all kinds of malware and spyware. When the user starts a scan, it finds some harmless cookies as high risk security problems. If the user wants to solve these false positives detected by SpyVampire he has to purchase a licence.
[Netsky.Z]
Product=Netsky.Z
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse pretends to be various desired files, it also installs a fake system startup entry pretending to be Norton Antivirus. NetSky.Z connects to the internet in background, it appears to distribute itself via email and peer to peer networks.
[Win32.Renos.dk]
Product=Win32.Renos.dk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan connects to a remote server and downloads malware and image files to the windows and system directory. It displays a faked error message after creating registry keys and files to pretend an adware or malware infection. Afterwards the trojan horse starts to show pseudo warning messages of the Windows security center and advertises fake security solutions.
[Zlob.ImageAXObject]
Product=Zlob.ImageAXObject
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.KillAV]
Product=Win32.KillAV
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file creates an autorun entry and runs in background on every system startup. It then starts IE in background which connects to some adware websites. It also has the ability to deactivate some (antivirus) programs.
[Microsoft.Windows.DisableCMD]
Product=Microsoft.Windows.DisableCMD
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This setting within Windows can disable the command prompt.
Privacy=
Description=If the command prompt has been disabled by your Administrator or by yourself , you can ignore this entry. Otherwise malware or other software has disabled the command prompt to impair the functions of the computer.
[VisualShock.Keyloger]
Product=VisualShock.Keyloger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VisualShock.Keyloger runs silently in the background of the operating system and tracks all keystrokes made by the user.
[Win32.Agent.ady]
Product=Win32.Agent.ady
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ady installs itself secretly into the system directory. It eats up system resources and installs itself as a service and pretends to be a system driver.
[Win32.Ranky.gn]
Product=Win32.Ranky.gn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Ranky.gn installs itself into the system directory and starts itself in autorun as "Advanced DHTML Enable". It also connects to the internet in background.
[Win32.Iroffer.b]
Product=Win32.Iroffer.b
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Iroffer.b installs itself into the system directory, creates the services "DisplayController" and "EthernetController" and tries to connect to the internet in background.
[MExplorer]
Product=MExplorer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit or harmless file
Privacy=
Description=The MExplorer trojan horse pretends to be a harmless file. It runs in background and uses rootkit functionality to hide itself from the Explorer. It hooks a services32.dll to various processes like the Explorer and Spybot S&D. Symptoms for a MExplorer infection are access violation error messages while scanning with Spybot S&D. Removal may require manual steps, please contact Team Spybot S&D via email or forums. MExplorer adds an iexplore.dll as a browser helper object to the Internet Explorer and opens the browser in background. The trojan horse also connects to malicious websites in background and transmits information about the user's computer.
[Torpig.gb]
Product=Torpig.gb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit or harmless file
Privacy=
Description=The Torpig.gb trojan horse runs in background and connects to malicious websites. It collects information about the user's email account and sents it to its malicious websites. It also installs a service to run the trojan horse at every system start.
[Crypt.PCMM]
Product=Crypt.PCMM
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legit file
Privacy=
Description=The Crypt.PCMM trojan horse runs in background and connects to the internet. It moves it's file to the system directory, hides and write protects it. Additionally the executable gets added to the system start with a variable name.
[DLoader.CQTU]
Product=DLoader.CQTU
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the legit windows file winlogon.exe
Privacy=
Description=This trojan horse pretends to be the legit winlogon.exe. It installs itself in to "c:\windows\", while the legit file is located in "c:\windows\system32\".
[Flash.Auto.CN]
Product=Flash.Auto.CN
Company=Coolboy
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an autorun for flashdrives
Privacy=
Description=Supposed function could not be verified. The user interface during installation is unreadable even if chinese language support is installed. The exe copies itself to the windows directory and adds itself to the system start. It then runs in background with every windows start. There is no uninstaller.
[LdPinch.JVR]
Product=LdPinch.JVR
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse connects to the internet in background and submits information to a malicious website. It also bypasses the Windows Firewall.
[Fake.Gmer]
Product=Fake.Gmer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the security tool Gmer
Privacy=
Description=This trojan horse pretends to be the security tool Gmer. It runs in background and connects to the internet over port 21 (FTP). It copies itself to the windows directory and registers itself to the systemstart with an unsuspicious name.
[IEReport]
Product=IEReport
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IEReport downloads a bundle of bad software without user consent. Additionally it creates links on your desktop which lead to potentially unpopular software like Drivecleaner 2006. It also changes your Internet Explorer start page.
[Win32.Agent.amr]
Product=Win32.Agent.amr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself as qwertybot.exe into the system directory and hides itself and everything named like it. It installs comdlg77.dll, which is injected into every running process. It connects in background to a server and waits for orders. It also downloads other files from a remote server.
[Spyware-Secure]
Product=Spyware-Secure
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spyware-Secure claims to be a solution against all kinds of malware and spyware. When the user starts a scan, it finds some harmless files and registry entries as high risk problems and if the user wants to solve these false positives detected by Spyware-Secure he has to purchase a license.
[Tims-Keylogger]
Product=Tims-Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tims-Keylogger records all keystrokes made by a user. Additionally it is possible to hide the keylogger so it runs without user's awareness.
[SpyLocked.FakeAlert]
Product=SpyLocked.FakeAlert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyLocked.FakeAlert shows fake messages that look like security updates from Microsoft. If the user clicks on one of these messages the computer starts to download various rouge antispyware tools and other malicious stuff like Smitfraud-C., Smitfraud-C.Toolbar or Fraud.Protectionbar.
[Neospace-Internet-Security]
Product=Neospace-Internet-Security
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Neospace-Internet-Security claims to be a solution against all kinds of malware and spyware. When the user starts a scan, it finds some harmless files and registry entries as high risk problems and if the user wants to solve these false positives detected by Neospace-Internet-Security he has to purchase a license.
[Zlob.VideoActiveXAccess]
Product=Zlob.VideoActiveXAccess
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan downloads and installs various third-party spyware and malware to infected computers.
[Zlob.VideoPlugin]
Product=Zlob.VideoPlugin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a video codec
Privacy=
Description=This trojan downloads and installs various third-party spyware and malware to infected computers.
[Win32.Murlo.ff.rtk]
Product=Win32.Murlo.ff
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file downloads other trojans and malware onto the system. It creates a unique Internet Explorer ID and installs a browser helper object. It creates some services, of which one is hidden from Windows API (Rootkit function). If you need help with removal please contact Team Spybot S&D via forums or email.
[Fake.AVG-Beta]
Product=Fake.AVG-Beta
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.AVG-Beta claims to be a beta version of the antivirus software AVG. If the computer is infected the malware copies itself to your system directory and system drive. Additionally it tries to connect to the internet. When it is connected it waits for new orders to harm the computer and spy on the user.
[Kidlogger]
Product=Kidlogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Kidlogger records all keystrokes without the user's awareness or consent about this. So it is possible to spy on the users working and surfing behaviour.
[Hacked.Gmer]
Product=Hacked.Gmer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the security tool Gmer
Privacy=
Description=This malware is actually a hacked version of Gmer. It produces various error messages and finally leaves the user with a faked blue screen.
[CliprexDVDPro]
Product=CliprexDVDPro
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a free software DVD Player with codec support for DIVX, XVID and others.
Privacy=
Description=CliprexDVDPro installs NewDotNet, 180Solutions.SearchAssistant, MyWay.MyWebSearch and NewDotNet is only mentioned in the EULA for CliprexDVDPro while other components are displayed clearly during installation. The functionallity brought by CliprexDVDPro does not compensate for the Adware it brings along. Depending on associate program other software can also be installed. The General Public License (GPL) is also getting violated by Cliprex.
[Upd.PWS.CN]
Product=Upd.PWS.CN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse gets installed via hacked websites. It uses exploits to get installed in background and is made to steal passwords.
[ClonySoft.VistaOneClickActivator]
Product=ClonySoft.VistaOneClickActivator
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ClonySoft.VistaOneClickActivator installs itself into program directory and tries to connect to the internet in background. The file is named like a real windows file.
[Win32.VB.oz]
Product=Win32.VB.oz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.oz installs executable files into the windows directory without giving the user a possibility to cancel that process and tries to connect to the internet in background.
[Win32.IRCBot.tk]
Product=Win32.IRCBot.tk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.qt installs itself into windows and system directories, starts itself in autorun as "p2p networking" and tries to connect to the internet in background and tries to establish a connection to an IRC-server.
[Win32.Wsgame]
Product=Win32.Wsgame
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Wsgame installs executable and library files into the windows and system directories. It gets started via an autorun entry named "wincdb" and tries to connect to the internet in background.
[Microsoft.Windows.disableSystemRestore]
Product=Microsoft.Windows.disableSystemRestore
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=By default the system restore points within Windows XP are activated.
Privacy=
Description=If the system restore points have been deactivated by the user or an administrator please ignore this entry. By default the system restore points are acitvated, some malware deactivate the system restore points in preparation of harming the computer.
[MSN-Spy]
Product=MSN-Spy
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MSN-Spy is a tool to spy on chat conversations of the instant messenger MSN. If the program is installed the user can spy on the network for MSN packages and can read every keystroke made in MSN.
[Zlob.ImageActiveXAccess]
Product=Zlob.ImageActiveXAccess
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to infected computers.
[Zlob.SiteEntry]
Product=Zlob.SiteEntry
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to infected computers.
[Rossvoll.wsa]
Product=Rossvoll.wsa
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Windows service.
Privacy=
Description=This trojan horse installs itself to system start multiple times labeled as "Windows Service Agent". It runs as wmscc.exe in background an connects to internet relay chat (IRC) servers.
[Rbot.Eetu]
Product=Rbot.Eetu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a legit Microsoft file
Privacy=
Description=This trojan horse runs in background and connects to internet relay chat servers. It adds itself to the system start as "Microsoft Dll".
[Win32.LdPinch.bia]
Product=Win32.LdPinch.bia
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.LdPinch.bia installs executable files into root and Windows directories. It starts itself in autorun as "System" and tries to connect to the internet in background.It also loads Win32.KeyLogger.fl, Smitfraud-C.
[Win32.OptixPager.se]
Product=Win32.OptixPager.se
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.OptixPager.se installs executable and library files into the system directory. It starts itself in autorun as "Registry Scanner" and tries to connect to the internet in background.
[Win32.QQRob.eo]
Product=Win32.QQRob.eo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.QQRob.eo installs executable files into the system directory. It starts itself in autorun as "svcshare" and tries to connect to the internet in background.
[MeetingNote]
Product=MeetingNote
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MeetingNote installs executable files into the root directory. It starts itself in autorun as "worknote1" and tries to connect to the internet in background.
[DrAntispy]
Product=DrAntispy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware pretends to be a valid antispyware solution. But it only overacts the results and also shows intentional false positives to make the user pay for the full version, which is heavily advertised by the Smitfraud-C. malware. Usually a trial version of DrAntispy gets installed without user consent along with other malware like Smitfraud-C. DrAntispy is the same program as SpySheriff and PestTrap.
[Microsoft.Windows.IEFirewallBypass]
Product=Microsoft.Windows.IEFirewallBypass
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is beeing flagged whenever the IE is configured to accept incoming connections through the Windows Firewall. Normally the IE does not need to accept incoming connections like servers do. This can be changed by malware but also by online antivirus scanners or other software. If you do not use the Windows Firewall or use online scanners frequently you may want to ignore this.
[Microsoft.Windows.AppFirewallBypass]
Product=Microsoft.Windows.AppFirewallBypass
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is beeing flagged whenever an application is configured to accept incoming connections through the Windows Firewall. Most applications do not need to accept incoming connections like servers do.
[Win32.Agent.arr]
Product=Win32.Agent.arr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.arr copies executable and system files into Windows directory, starts itself in autorun as "qservices" and tries to connect to the internet in background.
[Win32.OnLineGames.na]
Product=Win32.OnLineGames.na
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.OnLineGames.na installs executable and library files into Windows directory.
[Win32.SdBot.aij]
Product=Win32.SdBot.aij
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.aij copies executable file into Windows directory and starts itself in autorun as "Microsoft Windows Updater" and tries to connect to the internet in background.
[Win32.Viking.Boom]
Product=Win32.Viking.Boom
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Viking.Boom installs executable files into Windows directory, connects to the internet and loads also Win32.Viking.j
[Win32.Viking.j]
Product=Win32.Viking.j
Company=
Threat=Worm
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Viking.j copies a file called "_desktiop.ini" into all existing directories.
[Win32.RAdmin.Zenworks]
Product=Win32.RAdmin.Zenworks
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.RAdmin.Zenworks is a RAT (Remote Administration Tool) that allows its (remote) controller to take control over the infected system. It copies itself to the system directory and opens a connection to the internet for the intruder.
[Win32.Wow.pq]
Product=Win32.Wow.pq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file copies itself to the Windows directory and creates an autorun entry for itself. It also drops files to the temp directory.
[Win32.SdBot.auv]
Product=Win32.SdBot.auv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs itself as .com file. May communicate via IRC-channel.
[Win32.VBStat]
Product=Win32.VBStat
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VBStat is a trojan which tries to get information about the user's system including IP-address, installed applications, browser plugins, etc.
[Zlob.PPlayer]
Product=Zlob.PPlayer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to infected computers. Variants of this trojan change the NameServer and DHCPServer settings.
[SpyCrush]
Product=SpyCrush
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. SpyCrush is the same application as SpywareQuake and Spylocked and is advertised by fake Windows messages.
[Vario.AntiVirus]
Product=Vario.AntiVirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antivirus software
Privacy=
Description=This antivirus software has a different name and company for every language. It also installs files and registry entries that do not appear to be related to a proper antivirus software.
[DeepThroatOrgasm]
Product=DeepThroatOrgasm
Company=CyberStrike
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DeepThroatOrgasm is a DoS (Denial of Service) attacking program. It is used to crash or hang a program or the entire system of somebody. If you did not install this knowingly you should fix it. Programs like these are often installed and executed by trojans and/or worms to attack other computers on the internet.
[Meliksah]
Product=Meliksah
Company=Meliksah Ozoral
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Meliksah is a DoS (Denial of Service) attacking program. It is used to crash or hang a program or the entire system of somebody. If you did not install this knowingly you should fix it. Often such programs are installed and executed by trojans and/or worms to attack other computers in the internet.
[Win32.Mediket.cz]
Product=Win32.Mediket.cz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader. Connects to a malicious website downloads cab-files and installs them.
[Win32.Agent.ac]
Product=Win32.Agent.ac
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojans which redirects your computer to specified websites.
[Win32.Joiner.d]
Product=Win32.Joiner.d
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Joiner.d copies files into the temp directories and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Agent.brf]
Product=Win32.Agent.brf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.brf installs executable files into the Windows directory without giving the user a possibility to cancel that process.
[Win32.ServU]
Product=Win32.ServU
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.ServU downloads and installs library files without giving the user a possibility to cancel that process.
[Win32.Banker]
Product=Win32.Banker
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banker installs executable files into "Windows\system32" without giving the user a possibility to cancel that process.
[Banker.Winload]
Product=Banker.Winload
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in background. It registers itself to the system start as winload and winloader and names its files to look like legit Microsoft files. It logs keystrokes, folder access and browsed websites and saves them to a ioerrors.txt.
[RBot.IRC]
Product=RBot.IRC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse acts as an internet relay chat server (IRC) and connects to the internet in background. It is capable of deleting its files to cover its tracks.
[ServU.Boo.ce]
Product=ServU.Boo.ce
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse installs a hidden file transfer server on the victim's computer and waits for incoming transmissions.
[Virtumonde.WinPop]
Product=Virtumonde.WinPop
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse downloads and installs itself without user notice. It adds itself to the system start and runs in background until the user browses the internet. When internet browsing is detected, the trojan will also display advertising popups.
[WinBot.IRC]
Company=
Product=WinBot.IRC
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse installs itself as "Windows Config" in the system start and runs in background as an internet relay chat (IRC) server. It connects to the internet and waits for incoming instructions.
[Win32.Agent.APN]
Product=Win32.Agent.APN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.APN copies a library file into the system directory, starts itself in autorun as "ttp.exe" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Agent.brs]
Product=Win32.Agent.brs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.brs copies an executable file into the Windows directory and starts itself in autorun as "Microsoft". Furthermore it tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Banload.bfo]
Product=Win32.Banload.bfo
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Downloads other trojan horses to the infected computer.
[Win32.Delf.ado]
Product=Win32.Delf.ado
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.ado copies executable files into system directories, changes registry settings and opens ports in background. The trojan horse registers one of it's downloaded files as a service and disguises parts of it as RAdmin.
[Win32.Poison.k]
Product=Win32.Poison.k
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It connects to the internet in background without user consent.
[Exploit.Anifile]
Product=Exploit.Anifile
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file appears to be a picture or a cursor or an animated cursor file, but is a downloader instead. It contains code to download executable file from a specified address.
[Poison.Ivy]
Product=Poison.Ivy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Poison.Ivy copies itself to the Windows directory and installs into the registry. It records all keystrokes made by the user and tracks all working and surfing behaviour. Additionally it tracks all information about the system, errors, used programs and so on.
[Orvell-Monitoring 2007]
Product=Orvell-Monitoring 2007
Company=ProtectCom Software
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Orvell-Monitoring 2007 is a commercial spyware tool to observe the computer. It tracks all keystrokes made by the user, saves all visited webpages and creates screenshots of every used program without user's awareness.
[Win32.Dluca.CC]
Product=Win32.Dluca.CC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Dluca.CC copies itself to the Windows directory and creates a desktop icon that is linked to a porn website. Additionally it adds itself to the favorites of the Internet Explorer without asking for permission.
[Win32.Vixup.b]
Product=Win32.Vixup.b
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Vixup.b copies an executable file into the system directory, starts itself via autorun as "Systems" without giving the user a possibility to cancel that process.
[Win32.Agent.bid]
Product=Win32.Agent.bid
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bid copies an executable file into Windows directory, starts itself via autorun as "Firewall auto setup" without giving the user a possibility to cancel that process. Also blocks some buttons in applications (e.g. 3 main buttons in SpyBot).
[Win32.Banbra.gi]
Product=Win32.Banbra.gi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Starts itself via autorun as "Windows Update" without giving the user a possibility to cancel that process.
[Win32.Agent.aah]
Product=Win32.Agent.aah
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aah copies an executable file into windows and system directory without giving the user a possibility to cancel that process.
[Munga_Bunga]
Product=Munga_Bunga
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Munga_Bunga copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
Description=NousTech.UCleaner gets downloaded by adware. It claims to be a PC cleaning tool. When the user starts a scan, it finds some harmless cookies declared as high risk security problems. If the user wants to get these problems fixed by UCleaner he has to purchase a license.
[3wPlayer]
Product=3wPlayer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a freeware video player software supporting its own codec.
Privacy=
Description=Video functions cannot be confirmed, 3wPlayer also installs trojan horses labled as advertising which is only disclosed in the premarked EULA. Uninstallation of the advertising is possible through the add/remove software menu but requires a lot more effort than installing the software. Company hides through Domains by Proxy. Mainfunction appears to be the installation of CiD.IEPop
[CiD.IEPop]
Product=CiD.IEPop
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an adware component that comes with alleged freeware.
Privacy=
Description=Installation is not properly disclosed while uninstallation requires the user to enter a capture. CiD runs in background with variable system start values and filenames. It opens the Internet Explorer with 2 instances in background and makes not stated connections to the internet and causes popup windows.
[Fakealert.BraveSentry]
Product=Fakealert.BraveSentry
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Windows Security Center warning message.
Privacy=
Description=The Fakealert.BraveSentry trojan horse shows fake warning messages, downloads and installs the fake AntiSpyware tool BraveSentry.
[Win32.Inject.bw]
Product=Win32.Inject.bw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Inject.bw copies itself to the system directory and runs in the background. The program also takes up a lot of system resources slowing down the computer noticeably. Additionally it tracks the working behaviour of the user.
[Win32.Small.rc]
Product=Win32.Small.rc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.rc installs executable files into system directories, starts itself in autorun as "Windows Reg Services" and tries to connect to the internet in background.
[Win32.Delf.C]
Product=Win32.Delf.C
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.C installs executable files into system directories, starts itself in autorun as "Bandook".
[Win32.Atmamds]
Product=Win32.Atmamds
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Atmamds installs its executable file into system directory in background and registers the file to the explorer policies.
[Win32.FlashyBot]
Product=Win32.FlashyBot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.FlashyBot installs itself into system directory, starts itself in autorun as "Flashy Bot" and tries to connect to the internet in background.
[Win32.OnLineGames.dz]
Product=Win32.OnLineGames.dz
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.OnLineGames.dz copies a library file into the system directory without user consent. Registers library to Windows explorer without user consent.
[Win32.Obfuscated.en]
Product=Win32.Obfuscated.en
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Obfuscated.en creates a directory and copies a file into the program directory without user consent. Installs files related to the popup trojan "CiD.IEPop".
[Win32.Hupigon.FB]
Product=Win32.Hupigon.FB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.FB installs executable files into the windows and system directories without giving the user a possibility to cancel that process. Uses Windows Media Player icon for disguise.
[Delf.DDOS.fi]
Product=Delf.DDOS.fi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse adds itself as winconf to the system start. It runs in background and causes a distributed denial of service (ddos) attack on gmer.net.
[Banker.phb]
Product=Banker.phb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit file
Privacy=
Description=This trojan horse runs in background and establishes smtp connections to its servers. It also registers a non existent file to the system start.
[Clicker.BWJob]
Product=Clicker.BWJob
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to belong to the Windows Security Center
Privacy=
Description=This trojan horse disguises its files with a Windows Security Center icon to look like legit files. It references a website which is apparantly used to provide a fixed site for downloads only.
[Rootkit.Dayoff.Process]
Product=Rootkit.Dayoff.Process
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some legit Windows services
Privacy=
Description=This trojan horse installs itself as a service in background and starts some processes like the Internet Explorer and itself hidden by rootkit functions (hidden from Windows API). For removal please use the tool Gmer to kill the processes hidden from Windows API.
[Win32.Agent.VB.aoh]
Product=Win32.Agent.VB.aoh
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware runs in background and tries to execute a file named ghost.exe or ghost.exe.exe located in the same directory. If none of the files is present it terminates with an errormessage that the file have not been found. The message window is labled with "x". Depending on the ghost.exe located in the directory respective malware, trojan or worm functions will be executed.
[Win32.Viking.le]
Product=Win32.Viking.le
Company=
Threat=Worm
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This worm runs in background and infects all exe files on the computer with addtional 38912 KB of code. It opens the Internet Explorer and connects to a czech website which redirects to a vietnamese website. The worm also scans the local network, drops a _desktop.ini in many directories and makes the Windows Explorer listen on incoming UDP connections.
[Xorpix.a]
Product=Xorpix.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legit Windows software
Privacy=
Description=This trojan horse runs and installs itself in background, it also downloads other trojans and malware. It registers its files for the Winlogon to have them started at logon time.
[Yazzle]
Product=Yazzle
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of game package
Privacy=
Description=This package is frequently installed in background by trojan horses. In most cases it does not run automatically and just lies dormant on the computer.
[Zango.WindUpdates]
Product=Zango.WindUpdates
Company=Zango
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to deliver access to media
Privacy=
Description=WindUpdates was known for delivering malware through exploits while using a name which sounds similar to windows updates. Website now belongs to Zango though this is not directly visible. Software referencing windupdates also refers to another domain belonging to 180Solutions/Zango.
[Crypt.XPACK]
Product=Crypt.XPACK
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be part of a software crack
Privacy=
Description=This trojan horse is supposed to be a part of a crack package for popular software like games. It is executed in background after extraction from an archive along with Virtumonde and other trojan horses.
[Maran.J]
Product=Maran.J
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It installs an exe file and a library file in the windows and system directory. Additionally it creates Winsock Lsps which can cause hijacking and/or spying on all network connections. A service is installed to load the malicious exe file on every windows startup.
[Stud.A]
Product=Stud.A
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Stud.A installs a library in the system directory and also an Browser Helper Object which is started on every Internet Explorer startup. It connects to advertising servers without user consent.
[NousTech.UFixer]
Product=NousTech.UFixer
Company=Nous-Tech Solutions Limited
Threat=Malware
CompanyURL=http://ucleaner.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NousTech.UFixer gets downloaded by adware. It claims to be a PC cleaning tool. When the user starts a scan, it finds some harmless cookies declared as high risk security problems in order to scare people. If the user wants to get these problems fixed by UCleaner he has to purchase a license.
[NousTech.UltimateFakeSecurityCenter]
Product=NousTech.UltimateFakeSecurityCenter
Company=Nous-Tech Solutions Limited
Threat=Malware
CompanyURL=http://ucleaner.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NousTech.UltimateFakeSecurityCenter gets downloaded by malware. It is designed like the Windows Security Center and most of the Nous-Tech malware applications like NousTech.UFixer and NousTech.UCleaner get downloaded through the Fake Security Center.
[Win32.Agent.aix]
Product=Win32.Agent.aix
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aix copies itself into the temp directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer and displays a lot of advertisement.
[Tisemabana]
Product=Tisemabana
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tisemabana installs itself into application data directory, starts itself via autorun as "iaueo" and tries to connect to the internet in background.
[Win32.Bobic.n]
Product=Win32.Bobic.n
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bobic.n copies executable files into system directory, starts itself via autorun as "gyr" without giving the user a possibility to cancel that process.
[Win32.Agent.bbb]
Product=Win32.Agent.bbb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bbb copies an library file into the system directory, starts itself via autorun as "Desktop", connects to the internet in background. Loads also WSearch, RooGoo, Smitfraud-C.KooWo and HB.RichMedia.
[Vanbot]
Product=Vanbot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Vanbot is a backdoor program which can communicate via IRC. It is able to download and execute files or to supply information about the user's system.
Functionality=Install a tool which provides "Over $100 in printable coupons right from your browser. Keep informed of the latest offers. Contains no adware or spyware. Coupons from companies like General Mills, Kimberly Clark, Nestle, and Johnson & Johnson."
Privacy=[...]Coupons, Inc. uses the information that we collect to operate, maintain, and provide to you all of the coupons and promotional offerings found on the Sites and for other non-marketing or administrative purposes such as notifying you of major service updates or for customer service purposes. %0D%0ACoupons, Inc. uses all of the information that we collect from our Consumers to understand the usage trends and preferences, to improve the way the Sites work and look, to improve our marketing and promotional efforts, and to create new features and functionality. %0D%0ACoupons, Inc. uses "automatically collected" data to (a) process and record coupon printing and redemption activity; (b) store information so that you will not have to re-enter it during your visit or the next time you use the Sites; (c) provide custom, personalized coupon promotions, advertisements, content, and information; (d) monitor the effectiveness of marketing campaigns; and (e) monitor aggregate usage metrics such as total number of visitors and pages viewed. [...]%0D%0ACoupons, Inc. discloses "automatically collected" data (such as coupon print and redeem activity) to its Clients and third-party ad servers and advertisers. These third parties may match this data with information that they have previously collected about you under their own privacy policies, which you should consult on a regular basis. %0D%0A[...]
Description=The downloaded file installs a toolbar and a Browser helper object (BHO). The BHO connects to coupons.com at every Internet Explorer startup in order to download latest updates. The toolbar displays bonus vouchers which can be printed or used online. When uninstalled, nearly all the files and registry entries remain on the system.
[ClipRex.DVDCodec]
Product=ClipRex.DVDCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to deliver the free for non commercial use DVD codec by the Fraunhofer institute.
Privacy=
Description=The ClipRex.DVDCodec installs NewDotNet, MyWayWebSearch, MyWay.MySearchAssistant , eZula HotText. Some of the components are stated in the Eula only, while the eZula HotText Spyware is installed without any user consent. eZula HotText connects to the internet in Background at every system start. Since the original DVD codec is free for non commercial usage the user does not get any benefit from these installations, additionally the eZula HotText is not uninstallable. ClipRex also violates the Fraunhofer license for the use and distribution of the codec, since ClipRex does have a commercial purpose by including various 3rd party software to sponsor ClipRex. The installation of NewDotNet may cause loss of network connectivity on some computer reboots.
[Win32.Hupigon.pv]
Product=Win32.Hupigon.pv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.pv copies a library file into the Internet Explorer directory and tries to disguise using two suffixes. Also related to Win32.Hupigon.c
[Win32.Delf.dtm]
Product=Win32.Delf.dtm
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.t copies an executable file into root directory without giving the user a possibility to cancel that process.
[VirusLocker]
Product=VirusLocker
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. VirusLocker is in close relation to SpywareQuake and Spylocked and is advertised by fake Windows messages.
[Win32.Agent.hjo]
Product=Win32.Agent.hjo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.hjo copies itself into the system folder of the operating system. It claims to be an update for the Internet Explorer.If the user agrees to install these updates his Internet Explorer gets hijacked to webpages with adult content.
[Win32.Agent.BN]
Product=Win32.Agent.BN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.BN copies itself into the system folder of the operating system. When it is installed it hijacks the Internet Explorer and downloads some rouge antispyware programs.
[Zlob.DNSChanger.Rtk]
Product=Zlob.DNSChanger.Rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.SecurityTools]
Product=Zlob.SecurityTools
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.XXXAccess]
Product=Zlob.XXXAccess
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[I-Won]
Product=I-Won
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to deliver search assistance.
Privacy=
Description=I-Won comes as a browser addon which is not properly disclosed and thus can be unwanted.
[Win32.Silent.ce]
Product=Win32.Silent.ce
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system file and compromises the computers security.
[Win32.FakeClient]
Product=Win32.FakeClient
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Peflog.RP]
Product=Peflog.RP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Win32.SpyBuddy.c]
Product=Win32.SpyBuddy.c
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Win32.Small.ay]
Product=Win32.Small.ay
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Win32.Joel]
Product=Win32.Joel
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Ourxin.A]
Product=Ourxin.A
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Win32.Agent.Zz]
Product=Win32.Agent.Zz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse disguises itself as system files and compromises the computers security.
[Win32.Bancos.aam]
Product=Win32.Bancos.aam
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bancos.aam copies an executable file into the system directory, starts itself in autorun as "runner1" and tries to connect to the internet in background without giving the user a possibility to cancel that process. It appears that this trojans enables remote control of the infected computer. It disguises itself as userinit in system start.
[Win32.SdBot.FirewallControls]
Product=Win32.SdBot.FirewallControls
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.FirewallControls copies an executable file into the system directory, starts itself in autorun as "Firewall Controls" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[CoolWWWSearch.PinAccessCode]
Product=CWS.PinAccessCode
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CWS.PinAccessCode installs a library file into the windows directory and starts Internet Explorer (IE) and shows sites with pornographical content. Loads also CoolWWWSearch.
[Win32.Agent.bgy]
Product=Win32.Agent.bgy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bgy copies an executable file into the window directory without giving the user a possibility to cancel that process.
[Win32.Poison.l]
Product=Win32.Poison.l
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Poison.l copies an executable file into the window and the system directory without giving the user a possibility to cancel that process and devours a lot of system resources slowing down the computer.
[Ask.MyGlobalSearch]
Product=Ask.MyGlobalSearch
Company=IAC Search & Media
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a search toolbar
Privacy=This is a legal contract between you and IAC Search & Media, Inc. You must agree to this contract and abide by its terms in order to download and use MyGlobalSearch. You must be 18 years of age in order to agree to this contract and download this product. IF YOU ARE NOT YET 18, PLEASE ASK YOUR PARENT OR GUARDIAN TO DOWNLOAD MYGLOBALSEARCH FOR YOU. The Toolbar, in the course of processing a given search query, sends a request to our servers. This request includes the keyword query, time of day, browser type, default language setting, IP address, an anonymous unique ID, and a code which identifies the distribution source of the Toolbar used by you to conduct your search. For example, this data provides us with: information on which language you prefer to use; aggregated click information for the purpose of ensuring that our search partners are appropriately compensating us; information that allows us to make accurate payments to our distributors; aggregated usage and retention information; and aggregated search query information for the purpose of further monetizing commercially oriented search keywords. [...] all information about search activity is evaluated only on an aggregated basis (excepted in response to a customer service inquiry [...]
Description=Not properly disclosed material facts during installation. For instance age restriction must be disclosed properly outside the EULA. Time and IP address result in personally identifiable data. Privacy apparantly state that information can be and will be sold to business partners.
[Crypt.RegScan]
Product=Crypt.RegScan
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a registry tool from Microsoft
Privacy=
Description=This trojan horse pretends to be a registry scanner from Microsoft, it runs in background and adds itself to the system start.
[Talex.FTP.RegScan]
Product=Talex.FTP.RegScan
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a registry tool by Microsoft
Privacy=
Description=This trojan horse pretends to be a legit Microsoft tool for the registry. It runs in background and installs itself to the windows directory. It also creates a ftpcache subdirectory in the windows directory. Talex.FTP.RegScan also adds itself to the system start.
[Srv.RegScan.quk]
Product=Srv.RegScan.quk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit registry tool by Microsoft
Privacy=
Description=This trojan horse runs in background, adds itself to the system start and listens for incoming connections from the internet. It disguises as a registry scanner by Microsoft.
[Goldun.IESwap]
Product=Goldun.IESwap
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in background and swaps the Microsoft Internet Explorer (IE) and the Microsoft file protection library with its own versions. Subsequently the IE does not work anymore or connects to a malicious site in background while the IE is being used. Removal requires to have a second scan after removal to get the original IE and file protection library back. A reboot may also be necessary to get the IE work again.
[SpyShredder]
Product=SpyShredder
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware pretends to be a valid antispyware solution. But it only exaggerates the results, and also shows intentional false positives to make the user pay for the full version, which is heavily advertised by the Smitfraud-C. malware. Usually a trial version of SpyShredder gets installed without user consent along with other malware like Smitfraud-C.
[CrazyGirls]
Product=CrazyGirls
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=SOFTWARE LICENSE. Subject to the User's acceptance and continued compliance with these terms and conditions, the Provider hereby grants the User a royalty-free, non-exclusive license to use the Software and its components. Save for the right to use the Software expressly provided for in this License, all title to and rights in the Software and its components including without limitation all copyright and other intellectual or industrial property rights remain the property of the Provider or its affiliates or licensors.%0D%0A2. This License is valid to the extent that any Computer on which the Software and/or its components are used is located in the territory indicated by the User when installing the Software. If the User does not live or is not normally resident in a territory in which the Provider expressly offers its services, the User must not install or use the Software nor its components.%0D%0A3. This License is granted for the User's private use only. No User or any other person may decompile, reverse engineer, disassemble or decode the Software or its components or attempt to ascertain their source code by any means, nor modify, adapt, translate or create derivative works based on the Software or its components. No User or other person may sell, rent, lease, distribute, transfer, assign, sublicense or otherwise deal with the Software, its components or any of the rights granted under this License.%0D%0A4. The proper use and functioning of the Software requires it or its components to be automatically and remotely updated by the Provider. The User hereby authorizes the Provider to carry out such automatic, remote updates in order to improve, adapt and enable use of the Software. The User accepts that these Conditions, including any future variations thereto, will apply to all updates of the Software and/or its components.%0D%0A5. The Software is provided "as is" without warranty of any kind, either express or implied, including without limitation any warranty of merchantability and/or fitness for a particular purpose. The Provider makes no warranty and/or representation that the Software and/or its components will meet the User's requirements or that the operation of the Software or connection to any content will be uninterrupted or error or virus free.%0D%0ALIABILITY%0D%0A%0D%0A6. THE USER IS AWARE AND VOLUNTARILY ACCEPTS THAT THE INSTALLATION AND/OR USE OF THE SOFTWARE AND/OR ITS COMPONENTS TAKES PLACE EXCLUSIVELY AT HIS OR HER OWN RISK.%0D%0A%0D%0A7. TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE PROVIDER HEREBY EXCLUDES ALL LIABILITY IN RESPECT OF:%0D%0A%0D%0Aa) LOSS OR DAMAGE, LOSS OF PROFITS AND ANY OTHER LOSSES, WHETHER DIRECT, INDIRECT OR CONSEQUENTIAL;%0D%0A%0D%0Ab) ANY CLAIM MADE AGAINST THE USER BY ANY THIRD PARTY;%0D%0A%0D%0Ac) ANY CLAIM, LOSS OR DAMAGE THAT MAY BE CAUSED BY THE SOFTWARE AND/OR ITS COMPONENTS AND/OR THE SERVICE OR THE USE OF OR NON-FUNCTIONING OF THE SOFTWARE AND/OR ITS COMPONENTS AND/OR THE SERVICE. IN THE EVENT OF MALFUNCTION OF THE SOFTWARE, THE PROVIDER'S TOTAL LIABILITY SHALL BE LIMITED TO REPLACEMENT OF THE SOFTWARE; AND/OR%0D%0A%0D%0Ad) DAMAGE, CLAIMS OR LIABILITIES ARISING OUT OF ANY OF THE FOLLOWING:%0D%0A%0D%0Ai) THE CONTENT (INCLUDING WITHOUT LIMITATION ITS NATURE OR ANY INTELLECTUAL PROPERTY RIGHTS THEREIN) OF ANY WEBSITE, TELEPHONE SERVICE OR ANY OTHER DATA, IMAGES OR SOUNDS WHATSOEVER THAT THE USER MAY ACCESS USING THE SOFTWARE AND/OR ITS COMPONENTS AND/OR THE SERVICE;%0D%0A%0D%0Aii) LIABILITY TO ANY EMPLOYER, PRINCIPAL, CLIENT, OR LESSOR OR PROVIDER OF COMPUTER EQUIPMENT OR FACILITIES, ARISING OUT OF THE INSTALLATION OF, USE OF, OR ACCESSING OF ANY CONTENT BY MEANS OF THE SOFTWARE AND/OR ITS COMPONENTS AND/OR THE SERVICE;%0D%0A%0D%0Aiii) ANY CHARGES WHICH THE USER MAY INCUR TO ANY TELECOMMUNICATIONS SERVICE OR NETWORK OR ANY CONTENT PROVIDER.%0D%0A8. These Conditions are available only in English. The conditions under which the User contracts for the service will not be stored individually. The up to date version of the Conditions will always be made available at the following link: http://legal.electronic-group.com/t_c_en.html. The Provider reserves the right to amend these Conditions from time to time for legal reasons or because of changes in the provision of the service. If these Conditions are modified, the User may terminate this agreement at any time simply by uninstalling or deleting the Software and its components or ceasing to use the service.%0D%0ACHOICE OF LAW AND COMPETENT COURTS%0D%0A9. To the extent that the User is a consumer, in respect of any dispute arising out of these Conditions the Provider hereby submits to the jurisdiction of the courts of the home state of the User. If the User is not a consumer, or even if a consumer then to the extent permitted by applicable law, the competent courts in respect of any such dispute shall be the courts of the domicile of the Provider.%0D%0A10. These Conditions shall be governed by and construed in accordance with the law of the domicile of the Provider, without prejudice to the mandatory rules of the courts hearing the matter as well as mandatory consumer protection rules.%0D%0A11. Should any part of these Conditions be or be found to be invalid, illegal or unenforceable, this shall in no way affect the validity of the remaining parts.%0D%0A
Description=Tries to connect via modem to an expensive website, while pretending to be harmless.
[LordOfTibia]
Product=LordOfTibia
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LordOfTibia copies executable files into system directories without giving the user a possibility to cancel that process. Tries to masquerade using names similar to system files.
[MSNRaptor]
Product=MSNRaptor
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MSNRaptor connects to the internet in background and downloads executable files without giving the user a possibility to cancel that process.
[Nod32Crack]
Product=Nod32Crack
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Pretends to be a crack for the commercial antivirus software Nod32Crack. Nod32Crack copies an executable file into the system directory and connects to the internet in background without giving the user a possibility to cancel that process.
[Win32.Agent.pb]
Product=Win32.Agent.pb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.pb installs itself into the Windows directory, starts itself in autorun as "Fontview" and tries to connect to the internet in background. Tries to masquerade using names similar to system files.
[Win32.Delf.eq]
Product=Win32.Delf.eq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.eq installs itself into the Windows and system directory, starts itself in autorun as "svchost" and tries to connect to the internet in background.
[Win32.ZenoSearch]
Product=Win32.ZenoSearch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.ZenoSearch copies an executable file into windows directory, starts itself in autorun as "{48-84-44-41-ZN}" , "TA_Start.lnk" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Sdbot.alz]
Product=Win32.Sdbot.alz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Sdbot.alz copies itself into the system directory of the operating system and adds a special service to start automatically at the system startup. It disables all Windows Security configurations and tries to make the computer vulnerable to other malware.
[Win32.Agent.brk.rtk]
Product=Win32.Agent.brk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file downloads other trojans and malware onto the system. It installs software which is hidden from Windows API (Rootkit function). If you need help with removal please contact Team Spybot S&D via forums or email.
[Win32.SdBot.bkx]
Product=Win32.SdBot.bkx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a backdoor program which enables other malware to infect the users system.
[NousTech.SecurityCenter]
Product=NousTech.SecurityCenter
Company=Nous-Tech
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be the Windows Security Center
Privacy=
Description=This is a fake security center that gets installed in background by trojan horses like Zlock.uc. It gives a fake warning and presents the user with a fake security center interface where NousTech fake security software can be installed.
[Zlock.uc]
Product=Zlock.uc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Zlock.uc comes as a browser helper object (BHO) which runs in background once started and connects to the internet in background. It downloads and installs other trojans like the NousTech.SecurityCenter which tricks users to download and buy NousTech's rogue security tools.
[Keygen.elk]
Product=Keygen.elk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a key generator.
Privacy=
Description=This trojan horse runs in background and tries to access numerous system files, it creates a buffer overflow which can be used to exploit the system.
[Tibiabot.crk]
Product=Tibiabot.crk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be cracked a versions of the TibiaBot, a bot for the online game Tibia
Privacy=
Description=This trojan horse pretends to be a cracked version of the TibiaBot, gamebot for the online game Tibia. It runs in background, installs itself to the system start, connects to the internet in background and fakes to be volume control.
[MagicAntiSpy]
Product=MagicAntiSpy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antispyware application
Privacy=
Description=This trojan horse installs itself in background. It is not uninstallable via the uninstaller, shows many intentional false positives and urges the user to buy a license. It is identical to other fake antispyware products like PestTrap, Spyshredder, SpySheriff.
[Search2Find]
Product=Search2Find
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit websearch site
Privacy=
Description=This trojan horse installs itself and runs in background, it causes popups with advertising for fake antispyware products like ucleaner. It also drops desktop icons which direct to its fake websearch site. Search2Find also runs in background and listens for incoming connections. It also tries to make the user install an Image ActiveX Object.
[Tibiabot.pk]
Product=Tibiabot.pk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a cracked version of the Tibia game bot Tibiabot
Privacy=
Description=This trojan horse pretends to be a game bot but installs a keylogger in background to spy on the user's computer.
[Win32.Bifrose.kt]
Product=Win32.Bifrose.kt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bifrose.kt copies an executable file into the system directory, starts itself in autorun as "MDM" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Hupigon.mc]
Product=Win32.Hupigon.mc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.mc copies files into the program directories, connects to the internet in background without giving the user a possibility to cancel that process.
[Win32.Agent.arc]
Product=Win32.Agent.arc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.arc copies an executable file into the windows directory, starts itself in autorun as "Windows Update" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.VLAuto]
Product=Win32.VLAuto
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VLAuto copies executable files into the system folder without giving the user a possibility to cancel that process.
[Win32.IceSword]
Product=Win32.IceSword
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.IceSword copies files into system and root directories, connects to the internet in background without giving the user a possibility to cancel that process.
[Win32.Magania.rs]
Product=Win32.Magania.rs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Magania.rs copies a library and executable files into system and windows directories without giving the user a possibility to cancel that process.
[AdsContex.URLChanger]
Company=
Product=AdsContex.URLChanger
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This browser hijacker installs a browser helper object (BHO) and loads with the Internet Explorer in background. It connects to its malicious server in background and redirects many websites to servers related to a fake search site or porn sites.
[Ardamax.Rose]
Product=Ardamax.Rose
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a hack/cheat for the game RoseOnline
Privacy=
Description=This trojan horse pretends to be a game cheat and installs the Ardamax keylogger in background.
[Spambot.bxz]
Product=Spambot.bxz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be system files responsible for internet connectivity
Privacy=
Description=This trojan horse is able to replace system files like ndis.sys and tcpip.sys. It runs in background and is able to start an smtp engine to send emails without user notice. Removal may require to reinstall the files from a Windows CD to reenable network connectivity.
[Hupigon.BitLord]
Product=Hupigon.BitLord
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a cracked version of the bittorrent client named BitLord
Privacy=
Description=This trojan horse pretends to be a cracked version of the bittorent client BitLord. It runs in background and installs an IRC server which can enable a remote attacker to control the infected computer.
[DR.Small.n]
Product=DR.Small.n
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware runs in background, it adds itself several hundred times to the task scheduler to run every 10 minutes. It shuts down security software and hijacks the hosts file to block software security sites. This malware is also able to shutdown Spybot S&D using the Windows taskkiller. Thus it is advised to use the Teatimer to stop DR.Small.n from executing its files.
[Win32.Agent.byh]
Product=Win32.Agent.byh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed Win32.Agent.byh copies itself to the system directory and creates a scriptfile in the same directory. An autorun entry is created to be loaded every windows startup. It connects to many servers in the internet without user consent.
[AzeSearch]
Product=AzeSearch
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AzeSearch installs a toolbar in the Internet Explorer (IE) without giving the user a possibility to cancel that process.
[Win32.Delf.vw]
Product=Win32.Delf.vw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.vw connects to the internet in background without giving the user a possibility to cancel that process.
[Win32.Agent.bnx]
Product=Win32.Agent.bnx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bnx copies executable files into system and windows directories, changes registry settings (fakes a service entry) without user consent.
[Win32.Peed]
Product=Win32.Peed
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan opens a few ports of the infected system and disguises using rootkit functionality. It installs additional executable files onto the system. If you have problems uninstalling Win32.Peed please contact our support team.
[Win32.Small.Of]
Product=Win32.Small.Of
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.Of gets installed into the system directory of the operating system and waits until the Internet Explorer (IE) gets started. When the IE is started it creates an autorun entry and causes a lot of network traffic and eats up system ressources so it is nearly impossible to use the infested computer.
[Zlob.XXXPlugin]
Product=Zlob.XXXPlugin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Burstmedia]
Product=Burstmedia
Company=Burstmedia
Threat=Cookie
CompanyURL=http://burstmedia.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=All users who receive an ad served by Burst retain complete anonymity where Burst is concerned. As ads are delivered, Burst does not acquire or collect any personal information about you. Your name, address, phone number, and email address all remain your private property. Burst does, however, collect information that is specific to how you use the Internet. Burst servers note non-personally identifying details such as, but not limited to, the server you are logged onto, the geographic location of the ISP you use, the type of browser you use, and your IP address. This information is obtained solely for the purpose of targeting ads and measuring a given ad's effectiveness on behalf of Burst clients and customers.
Description=Burstmedia serves advertising and may deploy cookies to track the users behavior concerning the advertising. Personal identifiable information such as visited website, your internet service provider and your IP address can be stored and used for tracking.
[DoctorSpyware]
Product=DoctorSpyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware tool
Privacy=
Description=Does not appear to be working at all, scanning appears to be just a visual effect.
[EZ-Snoop.Server]
Product=EZ-Snoop.Server
Company=ATConsulting LLC
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a commercial Spyware that is made to spy on other users in the local network. A configuration file and a server component need to be copied and started on the computers that are to be monitored. Since the monitoring is done without user notice this may impact your personal privacy.
[SDBot.SideBySide]
Product=SDBot.SideBySide
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a link file that is sent via MSN
Privacy=
Description=This trojan horse is spread as a pif file through instant messengers like MSN. It appears to be a link and runs in background once executed. It is able to send itself to other contacts via the instant messenger and block the user from sending messages.
[WarezP2P.cck]
Product=WarezP2P.cck
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WarezP2P.cck runs in background, submits various data to its malicious servers, loads the Internet Explorer in background and causes popup advertising without user consent.
[SurfSpy]
Product=SurfSpy
Company=SureShot
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SurfSpy is a commercial spyware that is installed on a computer to secretly monitor other users. It is able to record many personal information and transmit it via email to a predefined address.
[Crypt.Spambot.qk]
Product=Crypt.Spambot.qk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a printer spooler service
Privacy=
Description=This trojan horse runs in background and installs itself as a service. It is also registered in system start and connects to the internet in background. It uses smtp (email) connections.
[Click.Agent.np]
Product=Click.Agent.np
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in background and connects to its malicious server.
[Smitfraud-C.MSVPS]
Product=Smitfraud-C.MSVPS
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit browser helper object
Privacy=
Description=this trojan horse looks like a legit browser helper object but connects to malicious websites once the Internet Explorer is started. It also gathers data about the visited websites and stores them with an ID in a text file.%0D%0A%0D%0ASpecial thanks to CastleCops for additional infos.
[Virtumonde.rtk]
Product=Virtumonde.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse gets installed along other trojan horses. It runs in background and connects to its malicious webservers. It is also able to hide its files from the Windows API by using rootkit functionality.
[SpyDefender]
Product=SpyDefender
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyDefender claims to be an antispyware solution. When the user starts to scan the computer the software shows some dangerous problems that are false positives and wants the user to buy a licence otherwise he would not be able to fix the problems. SpyDefender is related to Winfixer and WinAntivirusPro.
[Kolweb-N]
Product=Kolweb-N
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Kolweb-N installs itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Fake.Sys-Browser]
Product=Fake.Sys-Browser
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.Sys-Browser claims to be a secure internet browser. When the user tries to install Fake.Sys-Browser it installs a trojan horse to the computer and makes it vulnerable.
[ISearchTech]
Product=ISearchTech
Company=ISearch Technologies
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It downloads products of ISearch Technologies. After installation has been finished it connects to a malicious website and executes a script on that server. Often it could be found in cracks for games etc.
[Win32.Kwod.a]
Product=Win32.Kwod.a
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs an invisible browser helper object without prompting. The version info is similar to the one of a Windows file, but has been faked.
[Win32.Agent.afy]
Product=Win32.Agent.afy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan causes buffer overflows when executed which may enable other rootkit activities. Thus it threatens system stability and integrity.
[Win32.SdBot.crt]
Product=Win32.SdBot.crt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed Win32.SdBot.crt creates a file in the system directory and autorun entries to be loaded on every windows start. It tries to download files from the internet.
[Win32.SdBot.bfl]
Product=Win32.SdBot.bfl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Once executed Win32.SdBot.bfl creates a file in the system directory and autorun entries to be loaded on every windows start.
Functionality="Do you want to know what your buddy or colleague is typing? Or perhaps you want to check up on your family members and know what they are doing on your computer? With Perfect Keylogger it is possible in just 2 minutes! This program runs on the installed computer, fully hidden from its users, and logs everything that is typed in a protected file.%0D%0AThis program runs on the installed computer, being fully hidden from its users, and logs in a protected file all users' typing that occurs.%0D%0AFeatures list: %0D%0ACan be fully hidden from the user and running permanently %0D%0ASupports all Windows versions, including Windows XP %0D%0ASending log by e-mail in the hidden mode %0D%0ACan be invisible in Windows NT/2000/XP Task Manager and Windows 9.x/Me Task List %0D%0ALog file is encrypted and can be protected with a password %0D%0AEasy log viewing and management %0D%0APossibility to specify target applications "
Privacy=
Description=The Perfect Keylogger often gets installed in a combination with several trojans. Often it is installed in the windows directory and so it is invisible to the user. The Perfect Keylogger records all keystrokes and tries to send them via internet.
[CoolWWWSearch.SmartSearch]
Product=CoolWWWSearch.SmartSearch
Company=
Threat=Hijacker
CompanyURL=xxx.magicsearch.XX
CompanyProductURL=xxx.magicsearch.XX
CompanyPrivacyURL=
Functionality=
Privacy=
Description=It redirects your Internet Explorer start page and search page, to XXX.magicsearch.Xx and tries to download files from the internet. Autorun entries are created to load the downloaded files on every Windows start.
[Spy.Vb.Qg]
Product=Spy.Vb.Qg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spy.Vb.Qg spies on your IP adress and other personal data and saves the configuration in a text file. It creates an autorun entry to be loaded on every windows start.
[Haxdoor-H]
Product=Haxdoor-H
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Haxdoor-H deactivates the Windows firewall, adds its files as services to the system to have them started at every system start. Haxdoor-H also has the ability to hide several of its files from the windows api, making it hard to detect and remove. ADDITIONAL REMOVING INSTRUCTIONS: Please start Windows in Safe Mode and scan with Spybot S&D again. The remains can be removed only there.
[Tango]
Product=Tango
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tango adds an autorun entry, tries to connect to the internet and opens a DOS window which slows down your system.
[SafetyBar]
Product=SafetyBar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a toolbar or a browser helper object which links to rogue antispyware and antivirus product sites.
Functionality=The Windows Taskmanager can be disabled through policy settings by administrators.
Privacy=
Description=This will be shown if someone disabled your Taskmanager. In an office or educational environment the system administrator may have done this. In a private environment this is either done by yourself or malicious software. Please check if these settings are actually wanted.
[Zango.WeatherDPA]
Product=Zango.WeatherDPA
Company=Zango, Inc
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a weather toolbar
Privacy=
Description=This weather toolbar installs without proper user consent along other Zango products. Like all Zango applications advertising is shown by Zango.WeatherDPA.
[Zlob.Downloader.ixt]
Product=Zlob.Downloader.ixt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan Downloader. Installs a library and an executable file to the Windows system directory, installs a browser helper object which links to rogue antispyware products like SpyQuake, MalwareWipe, etc.
[StealthWebsiteLogger]
Product=StealthWebsiteLogger
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The application is able to log all system and internet activities. The application can be accessed by pressing Ctrl+Alt+Shift+W (Ctrl+Alt+Shift+S is stated in the program) and entering a password (standard is "user"). The log can be sent to a predefined e-mail address.
Functionality=The Windows Registry Editor can be disabled through policy settings by administrators.
Privacy=
Description=This will be shown if someone disabled your Registry Editor. In an office or educational environment the system administrator may have done this. In a private environment this is either done by yourself or malicious software. Please check if these settings are actually wanted.
[MalwareBurn]
Product=MalwareBurn
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareBurn is a rouge antispyware tool related to the well known malicious rouge MalwareWipe. If the user scans the computer with MalwareBurn it finds some harmless cookies as malware and wants the user to buy a licence.
[Win32.Small.ah]
Product=Win32.Small.ah
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be related to Microsoft client/server runtime
Privacy=
Description=This trojan horse disguises itself to look like it would belong to the Microsoft client/server runtime. The trojan tries to download executable files from its malicious webserver.
[PremiumSearch]
Product=PremiumSearch
Company=PremiumSearch , Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a legit search site.
Privacy=
Description=This trojan horse gets installed in background, it registers itself to the system start and winlogon. It has multiple exe files and dlls with variable names running in background which protect each other and connect to the internet in background. The hosts file gets hijacked and all search sites for example from yahoo, google and msn are getting redirected to PremiumSearch. The computer gets slowed down and the security settings get compromised. The trojan horse also uses rootkit functionality to hide some of its parts. Removal of this trojan horse will require a reboot. After the reboot the explorer may not start anymore, this will require to open Spybot via the taskmanager and fix the remaining parts of PremiumSearch.
[ISearchToolBar]
Product=ISearchToolBar
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a useful search toolbar.
Privacy=
Description=The toolbar connects to its website while the user uses the Internet Explorer. It also redirects the user to its dangerously sponsored search site. Origin of the toolbar is also questionable since it is not promoted on its website. Stealth installations have been reported.
[Win32.BHO.df]
Product=Win32.BHO.df
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader. Drops a dynamic link library file to the system folder as a DAT file. Further it creates and registers a browser helper object with this file.
[SecCenter]
Product=SecCenter
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SecCenter copies an executable file into program directories and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[DioCleaner]
Product=DioCleaner
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=DioCleaner End-User License Agreement (ôEULAö)%0D%0A%0D%0AThis End-User License Agreement ("the Agreement") is a legal contract between you (either an individual, or, if purchased by or for a single business entity, who will be referred to as "the User", ôYouö) and DioCleaner ( ôthe Companyö) for the DioCleaner software as well as any electronic documentation, printed materials, software updates, web services, add-on components, supplements and any associated media that the Company may provide the User with further referred to as ôthe Softwareö. The items described above will be treated as part of the Software and will not be accompanied by a separate License Agreement. %0D%0A%0D%0ANOTE: PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE INSTALLING THE COMPUTER SOFTWARE. BY DOWNLOADING, INSTALLING, COPYING, ACCESSING AND OTHERWISE USING THE SOFTWARE, THE USER CONFIRMS HIS/HER ACCEPTANCE OF THE SOFTWARE AND AGREES TO BE BOUND BY THE TERMS AND CONDITIONS OF THE AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THE AGREEMENT, DO NOT INSTALL, ACCESS OR USE THE SOFTWARE.%0D%0A%0D%0A1. License%0D%0A%0D%0AThe Software, any of its aspects, parts or components, or any combination of such aspects, parts and components including electronic documentation, printed materials, software updates, web services, add-on components, supplements and any associated media that the Company may provide the User with are the exclusive intellectual property of DioCleaner and are protected by intellectual property laws and treaties.%0D%0A%0D%0ADioCleaner grants You with a limited, non-exclusive license to use the Software solely on condition that You agree to be bound by all the terms of the present Agreement. If you are a member or agent of a business organization and are entering into this agreement to acquire the Software for use by the organization for business purposes, You agree that You enter into the Agreement as a representative of this organization and that You have the authority to bind the organization in question to the terms and conditions of the Agreement.%0D%0A%0D%0ABy accepting the terms of this Agreement You hereby acknowledge that the limited non-exclusive license granted to You by the Company does not give You ownership rights, nor does it entitle You to any copyright or any other intellectual or industrial property rights to the Software.The Software is licensed, not sold, the limited non-exclusive license being issued for use solely under the terms of the Agreement. The company reserves all rights not expressly granted to the User who owns the media onto which the Software is recorded, but the company reserves ownership of all copies of the Software itself.%0D%0A%0D%0A2. Restrictions%0D%0A%0D%0A- The User may install and access one copy of the Software on a single computer. The Software copy may also be shared on a common build/test machine on condition that You or your entity has purchased a single license for that common build/test machine and each developer using it possesses a license. It is prohibited to share, transfer, lease, distribute or publish the license for the Software. The User is allowed to make one copy of the Software solely for backup and archival purposes provided that the User reproduces all copyright and other proprietary notices contained by the original copy of the Software.%0D%0A%0D%0A- The User may not modify, reverse engineer, decompile, or disassemble the Software, unless such activity is expressly permitted by the Company and corresponding law. The Software is licensed as a single product, its component parts not being subject to use on more than one computer. Redistributable parts are the only exception.%0D%0A%0D%0A- The User hereby acknowledges that he/she realizes that if the Software is labeled as ôEvaluation Copyö or ôNot For Resaleö or contains other indications of the kind, then, notwithstanding other sections of the Agreement, the User may not and will not use the Software for commercial purposes and public distribution, sell, or otherwise transfer it for value. %0D%0A%0D%0A- It is prohibited to remove, modify or make corrections to DioCleaner copyright and trademark notices on any part of the Software, including but not limited to any such notices contained in the physical and/or electronic media or documentation, in any of the runtime resources and/or in any web-presence or web-enabled notices, code, etc. originally contained in the Software.%0D%0A%0D%0A3. Warranty%0D%0A%0D%0AThe User hereby acknowledges that the Company does not guarantee the Software to be error-free. You also acknowledge that the presence of any errors of the kind shall not constitute a breach of the Agreement by the Company. DioCleaner does not guarantee complete detection and/or removal of spyware, adware, malware, Trojans, keyloggers and trackware, nor does it guarantee complete detection of browser infections and tracking cookies on the UserÆs machine.%0D%0A%0D%0AThe use of the Software may result in removal or disabling of other programs from your computer, including software that may or may not be classified as Spyware. By using the Software, you acknowledge that You have read this statement and that You agree not to hold the Company responsible for such removal or disabling or the results of such removal or disabling. The User holds sole responsibility for selecting the programs to be removed by the Software from the UserÆs machine. %0D%0A%0D%0AYou further acknowledge that you realize that the Software will seek to remove malicious codes and that in some cases the removal of the code may cause your breaching a license to use the host software which installed that code or certain host programs to stop functioning. You agree to consult the terms of any license agreement for the host program before removing any Spyware or Adware associated with that program.%0D%0A%0D%0ADioCleaner, its licensors or their related companies shall not be liable to the User for any damages, whether direct, consequential, indirect or special, punitive or incidental foreseeable or unforeseeable, based on the UserÆs claims or the claims of a third party, whether based on the Agreement, any commitment performed or undertaken under on or in connection with the Agreement or otherwise, except for cases of personal injury where a corresponding law requires liability. %0D%0A%0D%0A4. Upgrades%0D%0A%0D%0ADioCleaner shall provide new releases, revisions or updates to the Software. The User must be licensed to use a product identified by the Company as being eligible for the upgrade in order to use the Software. Software, identified by the Company as an upgrade, substitutes and/or supplements the product that formed the basis for your eligibility for such upgrade. You may use the upgraded product only in accordance with the terms of the Agreement. If the Software is an update of a component of a software package that you licensed as a single product, the Software may be used and transferred only as part of the package and may not be separated for use on more than one machine.%0D%0A%0D%0A5. Copyright and Trade Marks%0D%0A%0D%0AYou acknowledge that the Software and all the software related products, including but not limited to computer manuals and computer literature, further treated as "Products" are subject to copyright. Hence, the User shall not breach the copyright mentioned in the Agreement during or any time after the expiry or termination of this license or permit any action that would do so.
Description=DioCleaner pretends to be a serious antispyware application. Seems to in close relation to SpywareBot, which is also a well known rogue antispyware solution.
[FamilyCyberAlert]
Product=FamilyCyberAlert
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FamilyCyberAlert is a spyware tool to monitor the whole computer. If the program is installed all keystrokes made by the user get recorded and every program used gets logged. Additionally FamilyCyberAlert takes screenshots every few seconds so it is possible to spy out user's working and surfing habits.
[Virtumonde.generic]
Product=Virtumonde.generic
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Virtumonde copies itself to the system folder and creates a browser helper object (BHO). Virtumonde connects to malicious websites in background. It also adds a randomly named dll to the Winlogon Notify, which will make it very resistable to removal. If you need help with removal please contact Team Spybot S&D via forums or email. These rules have been created based on the list of castlecops (http://www.castlecops.com/CLSID.html), thanks to Paul and Tony!!!
[Win32.Banker.fn]
Product=Win32.Banker.fn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banker.fn installs itself into the media folder of the Windows directory. It creates an autorun entry and opens a TCP/IP connection.
[SyperCrypt.Overwriter]
Product=Overwriter
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The SyperCrypt.Overwriter is a program called sypercrypt.exe. It is written in russian. When started, it overwrites the first bytes of the selected file. When the overwritten file is executed, a tiny popup keeps floating over the screen.
[CC2Bank]
Product=CC2Bank
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This application is a bankfraud tool. It is able to find out nearly anything by typing in the number of the credit card, e.g. the address or phone.number of the bank.
[MessengerSkinner.rtk]
Product=MessengerSkinner.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to deliver smileys for the MSN Messenger
Privacy=Quote from EULA:%0D%0AThe Software includes a component which will remain active at all times with the objective of verifying and ensuring the correct functioning of the Software, and offering other advantages (ôComponentö). When the User is connected to the Internet the Component will make periodic connections to the ProviderÆs servers in order to check that there are no problems in the access network or the UserÆs Computer. If any error which prevents the normal use of the Software is detected in the UserÆs Computer, the Component will seek to identify and solve it. Any changes that the Component makes to the UserÆs Computer will be to clearly non-essential parts thereof and for the purposes referred to in these Conditions. THE USER REQUESTS AND AUTHORIZES THE INSTALLATION AND UPDATING OF THIS COMPONENT TOGETHER WITH THE SOFTWARE IN ACCORDANCE WITH THE TERMS SET OUT IN THESE CONDITIONS. The Component will carry out the tasks described in these Conditions only when the User is connected to the Internet, whether using the Software or the UserÆs regular Internet connection. In any case, the User can easily uninstall the Software or the Component by selecting ôAccess Connectionö and ôComponent Add-Onö respectively in the appropriate section of the operating system control panel. Users should be aware that upon such uninstallation, the advertising messages might be sent during a period of three months after said uninstallation, the benefits provided by the Component will not be available and in certain cases the Software (if retained) or the ProviderÆs services may not function correctly.
Description=MessengerSkinner is adware but does not disclose this material fact on its website or software outside the terms and conditions. The advertising component always runs in background and can even stay on the users computer 3 month after the user has uninstalled the MessengerSkinner software. Some parts of the MessengerSkinner is installed hidden from the Windows API (rootkit functionality) which is also not stated anywhere. These hidden parts do not uninstall with the rest of the software and keep running in background. %0D%0A
[MailSkinner.rtk]
Product=MailSkinner.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be additional smileys for Microsoft Outlook
Privacy=
Description=MailSkinner.rtk is similar to MessengerSkinner.rtk, it installs the same files which get hidden by rootkit functionality.
[FlashDollars.AntiVirusProtection]
Product=FlashDollars.AntiVirusProtection
Company=Telecom Advance Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antivirus software
Privacy=
Description=The vendor hides behind domains by proxy (anonymous domain registration service) for all of his domains. AntiVirus may find non harmful items and flag them as threats urging the user to buy the software since it can only clean the computer once purchased.%0D%0ABut since the vendor does not properly disclaim himself this software is made for fraudulent purposes only. Additionally the 'detection' database does not appear to include virus protection.
[Win32.LoadAdv.h]
Product=Win32.LoadAdv.h
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.LoadAdv.h connects to the internet in background, loads UltimateCleaner, VirusProtectPro, Zlob.ImageActiveXAccess, Search2Find, VirusLocker, MagicAntiSpy etc. without giving the user a possibility to cancel that process.
[Performance Optimizer]
Product=Performance Optimizer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Performance Optimizer claims to be a registry tool to fix errors. While scanning the computer it will find hundreds of errors that are false positives and wants the user to purchase a licence to fix them.
[AntiVirGear]
Product=AntiVirGear
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiVirGear claims to be an antispyware solution and gets advertised by dubious popups. If it is installed on the computer, it finds some entries as malware which are totally harmless. That way the programs tries to frighten users by showing false positives. Whenever the user tries to fix these problems he has to purchase a licence. AntiVirGear is the same application as VirusBurst.
[Win32.CDN]
Product=Win32.CDN
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Claims to be a Microsoft file via misspelled version information tab (Mircosoft).
[Win32.Delf.ayr]
Product=Win32.Delf.ayr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.ayr starts itself in autorun as "svchost", blocks regedit and disables the windows firewall, tries to connect to a Polish webserver in background without giving the user a possibility to cancel that process.
[Win32.OnLineGames.bkz]
Product=Win32.OnLineGames.bkz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.OnLineGames.bkz copies an executable file into the Windows directory and a library file into the system directory. It starts itself in autorun as "upxdnd" without giving the user a possibility to cancel that process.
[Win32.PSW.Game]
Product=Win32.PSW.Game
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.PSW.Game copies executable and library files into the system and Windows directory, starts itself in autorun as "mppds" without user consent.
[Win32.SdBot.aea]
Product=Win32.SdBot.aea
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.aea copies executable files into the system directory, starts itself in autorun as "Microsoft Update Machine" and creates the service "Microsoft Update Machine" without giving the user a possibility to cancel that process.
[Win32.VB.ke]
Product=Win32.VB.ke
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.ke copies an executable file into the root directory, starts itself in autorun as "Windows32" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[LocusSoftware.PCPrivacyTool]
Product=LocusSoftware.PCPrivacyTool
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LocusSoftware.PCPrivacyTool claims to be a registry optimizer. When it is installed it finds hundreds of dangerous spyware problems that could only be fixed by purchasing a license. LocusSoftware.PCPrivacyTool is the same application as LocusSoftware.SecurePCCleaner and is in close relation to Vario.AntiVirus.
[LocusSoftware.SecurePCCleaner]
Product=LocusSoftware.SecurePCCleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LocusSoftware.SecurePCCleaner claims to be a registry optimizer. When it is installed it finds hundreds of dangerous spyware problems which can only be fixed by purchasing a license. LocusSoftware.SecurePCCleaner is the same application as LocusSoftware.PCPrivacyTool and is in close relation to Vario.AntiVirus.
[Haxdoor.DVB03a]
Product=Haxdoor.DVB03a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Haxdoor.DVB03a installs services and autorun entries to be loaded on every windows start up. It hides some files from the windows API. Hence these files are invisible to the user. It downloads further malware from the internet. ADDITIONAL REMOVING INSTRUCTIONS: Please reboot windows in safe mode and scan again with Spybot - Search & Destroy to delete the remainings.
[FlashDollars.RegistryRepair]
Product=FlashDollars.RegistryRepair
Company=Telecom Advance Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a registry repair tool
Privacy=
Description=The vendor hides behind domains by proxy (an anonymous domain registration service) for all of his domains. This registry repair may find non harmful items and will flag them as threats to urge the user to purchase the software since it can only clean the computer once purchased. But since the vendor does not properly disclaim himself this software is made for fraudulent purposes only. Other software from this vendor is identical.
[FlashDollars.SpywareRemover]
Product=FlashDollars.SpywareRemover
Company=Telecom Advance Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an antispyware tool
Privacy=
Description=The vendor hides behind domains by proxy (an anonymous domain registration service) for all of his domains. SpywareRemover may find non harmful items and will flag them as threats to urge the user to buy the software since it can only clean the computer once purchased. But since the vendor does not properly disclaim himself this software is made for fraudulent purposes only. Other software from this vendor is identical.
[GoAstro.rtk]
Product=GoAstro.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a free horoscope software
Privacy=
Description=GoAstro.rtk secretly installs the same rootkit components like MessengerSkinner.rtk and MailSkinner.rtk. These components include files and a system start entry which are hidden from the Windows API. GoAstro.rtk also transmits data about the users computer.
[LiveSVC.Wintrim]
Product=LiveSVC.Wintrim
Company=Electronic Group Interactive
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=plugins from websites are supposed to grant access to multimedia content
Privacy=
Description=LiveSVC.Wintrim installs its useless plugins in background (user is supposed to need special plugin for flashgames or downloading wallpapers), these plugins do not grant access to the promised content. There is no uninstall option and the user has no control over the plugins. Websites installing these plugins are related to other malware sites. This trojan horse also connects to its malicious servers and transmits crypted data. It may also install components which are hidden from the Windows API (rootkit). If the rootkit functions are active, the windows taskmanager and registry editor are not available. Plugin may contact various adult content sites in background.
[DivoCodec]
Product=DivoCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DivoCodec is an alleged codec, which will be used by other well known rogue software like 3wplayer.
[Win32.Small.azl]
Product=Win32.Small.azl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.azl connects to the internet in background, loads Yazzle, Virtumonde, creates randomly named directories, starts itself in autorun as "WinAble", "divipavk", "runner1", "CTDrive" without giving the user a possibility to cancel that process.
[Infomeca]
Product=Infomeca
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded files are installed as browser helper objects. These are originally from Korea. They are installed without user consent and may produce popups.
[RevealerKeylogger]
Product=RevealerKeylogger
Company=RevealerKeylogger
Threat=Keylogger
CompanyURL=www.revealerkeylogger.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Quote from the author:"Revealer Keylogger's powerful log engine handles any language on any keyboard. It records anything, even passwords behind asterisks and conversations in common instant messengers. Revealer Keylogger's powerful log engine handles any language on any keyboard."
Privacy=
Description=RevealerKeylogger tracks the user's surfing and working behaviour. It records all keystrokes without user consent and thus makes it possible to spy on the user. RevealerKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. RevealerKeylogger creates a log file of all recorded information using the format "RevealerLog********" where the asterisks are the date of the day of creating the file.
[Winzix]
Product=Winzix
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Winzix claims to be a file compression tool but if the user installs it he gets a lot of other trojans and the computer gets a load of pop up advertisement. Winzix is often brought to the users computer by filesharing tools.
[UtiledeProtection]
Product=UtiledeProtection
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=UtiledeProtection claims to be a rouge antispyware tool that tries to sell their license by showing fake problems to the user.
[Win32.Agent.AFGM]
Product=Win32.Agent.AFGM
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.AFGM copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.StartPage.arf]
Product=Win32.StartPage.arf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.StartPage.arf copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Virtualizer]
Product=Win32.Virtualizer
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Virtualizer copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Agent.CNP]
Product=Win32.Agent.CNP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.CNP replaces important windows files (wininet.dll and kernel32.dll) with manipulated ones.
[Win32.Agent.aqf]
Product=Win32.Agent.aqf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aqf connects to update.microsoft.com to check if there is an open internet connection. Afterwards it downloads malware from the internet without user consent.
[Zlob.Downloader.oid]
Product=Zlob.Downloader.oid
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.EST.avg]
Product=Win32.EST.avg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan Downloader. Once infected, it downloads files from malicious domains and installs them within the system and the user temp directory. It creates autorun entries and connects randomly to malicious servers.
[Zlob.Downloader.omd]
Product=Zlob.Downloader.omd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.Downloader.odn]
Product=Zlob.Downloader.odn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.Downloader.ned]
Product=Zlob.Downloader.ned
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Zlob.Downloader.vcd]
Product=Zlob.Downloader.vcd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.Agent.ci]
Product=Win32.Agent.ci
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Copies executables to the windows directory and installs a internet explorer toolbar. Responsible for agressive advertising for several rogue products with unwanted browser pop ups and faked malware alerts.
[Hookdump]
Product=Hookdump
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan horse which can be used for stealing passwords and personal data. It allows access to the computer from remote locations. This program is installed to the system directory and creates an autorun entry.
[Win32.OnLineGames.NCU]
Product=Win32.OnLineGames.NCU
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=After execution Win32.OnLineGames.NCU copies itself in the system directory and creates an autorun entry to be loaded every windows startup without user consent.
[Bifrose.gen]
Product=Bifrose.gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Generic detection of the Bifrose trojan. Bifrose is a trojan that installs itself into the windows directory and starts automatically by system startup. When the computer is connected to the internet the trojan tries to connect to a server and waits for new orders to spy out the user's habbits.
[Win32.Delf.acv]
Product=Win32.Delf.acv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.acv copies an executable into system directory and starts itself in services as "CSNetManagerXp" without giving the user a possibility to cancel that process.
[Win32.Agent.bcn]
Product=Win32.Agent.bcn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bcn creates an executable and log file into system directory without giving the user a possibility to cancel that process.
[Win32.Agent.xi]
Product=Win32.Agent.xi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.xi copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Rabio.SearchEnhancer]
Product=Rabio.SearchEnhancer
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Rabio.SearchEnhancer is a tool that shows advertisment to the user when he is surfing via Internet Explorer. The advertisement changes depending on special keywords the user is typing in. Rabio.SearchEnhancer does not have a start menu folder and so it is hard to uninstall. Additionally the uninstaller does not remove the folders and files from the user's hard disk.
[PCSpyKeylogger]
Product=PCSpyKeylogger
Company=YL Computing Inc.
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PCSpyKeylogger tracks the user's surfing and working behaviour. PCSpyKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. It is able to block programs (especially anti-spy or anti-virus programs) from starting and it runs completely hidden.
[123Keylogger]
Product=123Keylogger
Company=Conkurent, LLC
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=123 KeyLogger allows you to record: * Documents created * Web-sites visited * Applications launched * Active windows * Passwords entered in terminal windows, web-sites etc * Chat, ICQ, MSN, Yahoo conversations * All keystrokes * Screenshots at regular intervals
Privacy=
Description=123Keylogger tracks the user's surfing and working behaviour. 123Keylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. It is able to block programs (especially anti-spy or anti-virus programs) from starting and it runs completely hidden.
[Win32.Delf.ck]
Product=Win32.Delf.ck
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.ck is a hidden proxy which connects to the internet and looks for keywords the user types. It creates an autorun entry to run on every system startup and listens on a TCP port. It also creates a registry entry to bypass the firewall.
[LocusSoftware.BestsellerAntivirus]
Product=LocusSoftware.BestsellerAntivirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LocusSoftware.BestsellerAntivirus claims to be a antivirus solution. When it is installed it finds hundreds of dangerous spyware problems that could only be fixed by purchasing a license. LocusSoftware.BestsellerAntivirus is the same application as LocusSoftware.SecurePCCleaner and is in close relation to Vario.AntiVirus.
[Win32.Small.ls]
Product=Win32.Small.ls
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Windows system file
Privacy=
Description=This trojan horse pretends to be a Windows system file. It runs in background and waits to harm the user's computer.
[SDWin32.Websearch24]
Product=SDWin32.Websearch24
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a security browser helper object (BHO)
Privacy=
Description=This trojan horse installs itself as a browser helper object named 'SDWin32 Class', it starts with the Internet Explorer and connects to its malicious websites in background.
[NNC.MGRS]
Product=NNC.MGRS
Company=No Name Corporation
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The NNC.MGRS is a trojan horse that runs in background, adds itself to the system start, connects to the internet and downloads other software such as fake security tools like 'NousTech.UCleaner' and/or 'WegVonViren' a Vario.Antivirus variant.
[Zlob.Downloader.vdt]
Product=Zlob.Downloader.vdt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan downloads and installs various third-party spyware and malware to infected computers.
[Zlob.Downloader.sdt]
Product=Zlob.Downloader.sdt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan downloads and installs various third-party spyware and malware to infected computers. This Zlob variant also changes the DNS settings of the infected computer.
[Win32.PoisonIvy.j]
Product=Win32.PoisonIvy.j
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.PoisonIvy.j records all keystrokes without user consent and thus makes it possible to spy on the user and it runs completely hidden. Please start a scan in SafeMode to remove all parts of this keylogger.
[Win32.Iroffer.af]
Product=Win32.Iroffer.af
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Iroffer.af records all keystrokes without user consent and thus makes it possible to spy on the user. It is able to block security software (especially anti-spy or anti-virus programs) and it runs completely hidden.
[Win32.Hupigon.qcj]
Product=Win32.Hupigon.qcj
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.qcj copies executable files into windows directory, changes registry settings and blocks starting executable files
[Win32.Hupigon.I]
Product=Win32.Hupigon.I
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.I copies executable and library files into program files directory without giving the user a possibility to cancel that process.
[Win32.Hupigon.Bx]
Product=Win32.Hupigon.Bx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hupigon.Bx copies an executable file into the system directory without giving the user a possibility to cancel that process.
[Win32.Delf.ais]
Product=Win32.Delf.ais
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.ais copies executable files (as expleror.exe) into the system directory, changes registry settings and blocks starting executable files.
Description=ErrorDoctor gets downloaded by adware. It claims to be a PC cleaning tool. When the user starts a scan, it finds some harmless cookies declared as high risk security problems. If the user wants to get these problems fixed by ErrorDoctor he has to purchase a license.
[WebSpyShield]
Product=WebSpyShield
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WebSpyShield claims to be an antispyware solution and installs a browser toolbar in the Internet Explorer. If the user scans his computers WebSpyShield shows a lot of false positives. To remove these false positives the user has to purchase a license.
[Powered Keylogger]
Product=Powered Keylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Powered Keylogger runs silently in the background of the operating system and tracks the user's surfing and working behaviour.
[QuickKeylogger]
Product=QuickKeylogger
Company=WideStep Security Software
Threat=Keylogger
CompanyURL=widestep.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=QuickKeylogger gets installed to the system directory and runs silently in the background. It records all keystrokes without the user's awareness or consent about this.
[ComputerMonitorKeylogger]
Product=ComputerMonitorKeylogger
Company=Rebrand Software, LLC
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=quote from the author:"Ensure your computer's security by monitoring all activity on your computer, capturing keystrokes, programs, websites and screenshots. Completely invisible and easy to use, all information captured is stored in an encrypted log file. The log file can be sent secretly at scheduled intervals to any specified email address.All activity in Internet Explorer can be monitored, and webpages are cached for viewing offline."
Privacy=
Description=ComputerMonitorKeylogger tracks the user's surfing and working behaviour. ComputerMonitorKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. It is able to block programs (especially anti-spy or anti-virus programs) from starting and it runs completely hidden.
[Win32.Banker.aipy.rtk]
Product=Win32.Banker.aipy.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs a few executables and a library files into the system directory and runs those file. One file connects to a foreign server, another one creates autorun entries and hides some files and the autorun entries from Winows API and the user.
[Searchdom.Wininit]
Product=Searchdom.Wininit
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Windows system file
Privacy=
Description=This hijacker pretends to be a Windows system file. It runs in background, blocks the MSN Search and redirects the browser to its own malicious search site.
[PeopleOnPage.Envolo]
Product=PeopleOnPage.Envolo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of updater
Privacy=
Description=This trojan horse runs in background, connects to its malicious website, downloads and installs other malware and trojan horses. It also adds itself several times with variable names to the system start.
[PeopleOnPage.ContextPlus]
Product=PeopleOnPage.ContextPlus
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in background, adds itself to the system start and adds a browser helper object (BHO) to get started with the Internet Explorer. It collects data about the user and transmits this to its websites while the Internet Explorer is being used.
[Bestsearch.Scvhost]
Product=Bestsearch.Scvhost
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a windows system file
Privacy=
Description=This hijacker pretends to belong to the windows system files. It runs in background, hijacks the start pages of the Internet Explorer and adds itself as debugger for exe files to get started with every application. Bestsearch.Scvhost also adds itself twice to the system start.
[Apropos.ax]
Product=Apropos.ax
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be the Microsoft Internet Explorer
Privacy=
Description=This trojan horse poses as the Microsoft Internet Explorer and is related to other trojan horses and malware like Apropos.Media and PeopleOnPage variants.
[Zlob.Downloader.eot]
Product=Zlob.Downloader.eot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This trojan also changes the DNS settings.
[Win32.Keymake]
Product=Win32.Keymake
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Keymake disguises by using excel.exe as filename. It is a japanese hacker tool.
[Win32.VB.Nu]
Product=Win32.VB.Nu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.Nu copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.Autoit]
Product=Win32.Autoit
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Autoit copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. Additonally it disables the Windows taskmanager, registry editor and folder options.
[Fraud.XPAntivirus]
Product=XPAntivirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=XPAntivirus claims to be an antispyware solution. When it is installed on the computer it shows a lot of harmless cookies, browser helper objects and autorun entries as high risk spyware problems installed by itself. When the user wants to fix these false positives he has to purchase a license.
[Win32.VB.aya]
Product=Win32.VB.aya
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The executable file copies itself into the Windows directory and downloads other malware and adware without user consent.
[Win32.Delf.aeo]
Product=Win32.Delf.aeo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The library file is installed as a browser helper. It looks for keywords typed in on several websites and then redirects to advertising sites for e.g. (fake) anti-spyware.
[eSupport.FFBiosExt]
Product=eSupport.FFBiosExt
Company=TouchStone Software
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This software is an add-on for the Mozilla Firefox, it is capable of reading bios information and determine the appropiate update.
Privacy=
Description=The stated functionality is given but the add-on is not uninstallable, it also installs a service which is also not uninstallable. The corresponding add-on for the Internet Explorer is uninstallable.%0D%0A%0D%0AUpdate: 2008-01-28 New version of the plugin for the Firefox has now a working uninstall entry listed in systemsettings - software. -> Delisting from detection
[Win32.Agent.msgr]
Product=Win32.Agent.msgr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a file related to the Windows Messenger
Privacy=
Description=This trojan horse runs in background and tries to connect to its malicious websites and downloads additional files. Win32.Agent.msgr adds itself into the system start as 'Microsoft.' and can cause system instability.
[TM.ZServ]
Company=Thinking Media LP
Product=TM.ZServ
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of usefull toolbar
Privacy=
Description=This trojan horse installs as a browser helper object (BHO). It runs in background without user notice and can enable hidden remote access.
[TM.BestOffers]
Product=TM.BestOffers
Company=Thinking Media LP
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of usefull toolbar
Privacy=
Description=This trojan horse installs as a browser helper object (BHO). It runs in background without user notice and can enable hidden remote access. It also downloads and installs ABetterInternet without user consent.
[TM.BTGrab]
Product=TM.BTGrab
Company=Thinking Media LP
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be some kind of usefull toolbar
Privacy=
Description=This trojan horse installs as a browser helper object (BHO). It runs in background without user notice and can enable hidden remote access.
[ABetterInternet.iSearch]
Product=ABetterInternet.iSearch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a useful browser helper object (BHO) and search site
Privacy=
Description=This trojan horse runs in background and connects to its malicious websites to download additional installation files. An Internet Explorer BHO labeled as 'IE Update Class' , an 'iSearch' Firefox extension and 2 malicous system start entries get installed. There are also desktop links created which point to malicious or suspicious software and websites.
[Win32.SdBot.aad]
Product=Win32.SdBot.aad
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SdBot.aad copies an executable file into the windows directory without giving the user a possibility to cancel that process. It also starts itself via shell extension.
[Win32.Delf.QP]
Product=Win32.Delf.QP
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.JKH copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Vario.RogueAntiSpy]
Product=VirusRay
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Vario.RougeAntiSpy claims to be an antispyware solution and gets advertised by dubious popups. If it is installed on the computer, it finds some entries as malware which are totally harmless. When the user tries to fix these problems he has to buy a license and so the program tries to frighten users by showing false positives. Vario.RougeAntiSpy is a variant of SpywareQuake, VirusBurst, AntiVirGear and other well known rouge antispyware tools.
[Win32.MMD]
Product=Win32.MMD
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When executed it continuously creates folders in the recycle bin and can only be stopped by ending the process. This way it binds a very big amount of system resources and the system may break down.
[AdwareDeluxe]
Product=AdwareDeluxe
Company=Mandel Enterprises LTD
Threat=Malware
CompanyURL=
CompanyProductURL=adwaredeluxe.com
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When it is installed it detects a lot of entries which are false positives. When the user wants to fix these problems he has to buy a license.
[VirusRanger]
Product=VirusRanger
Company=
Threat=malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VirusRanger pretends to be an antispyware solution but actually does not detect any kind of malware. The program's website contains horrifying stories about computers, espionage etc. urging the user to install VirusRanger. Stands in close connection to the rogue antispyware software VirusRescue.
[Revenue.net]
Product=Revenue.net
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Adserver which also displays advertising for phishing sites and malware.
[Netpumper]
Product=Netpumper
Company=WakeNet AB
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Netpumper is a download accelerator which comes bundled with adware in the 'demo version'.
Privacy=
Description=Netpumper 'demo' comes bundled with WhenU.Clocksync, WhenU.Save and Cydoor. It only runs with these bundled adware components installed. There are reports of stealth installs by Netpumper. Netpumper's domain is registered via DomainsByProxy which is used to hide ones identity. Legal companies should refrain from registering domains through such means.
[NSIS Media.VB]
Product=NSIS Media.VB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Microsoft Windows Explorer file
Privacy=
Description=Files pretend to be related to Microsoft Windows Explorer. The Version information are faked.
[Win32.Destrukor]
Product=Win32.Destrukor
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Destrukor copies an executable file into the windows directory, starts itself in autorun as "shost32.exe" without giving the user a possibility to cancel that process.
[BPSAdwareStriker]
Product=BPSAdwareStriker
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BPSAdwareStriker claims to be a serious antispyware solution. When it is installed on the computer it tries to delete Spybot - Search & Destroy. BPSAdwareStriker seems to be the same application as BPSAdwareCops
[BPSAdwareCops]
Product=BPSAdwareCops
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BPSAdwareCops claims to be an serious antispyware solution. When it is installed on the computer it tries to delete Spybot - Search & Destroy. BPSAdwareCops seems to be the same application as BPSAdwareStriker
[AdwareRemover2007]
Product=AdwareRemover2007
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware pretends to be a valid antispyware solution. But it only exaggerates the results and also shows intentional false positives to make the user purchase for the full version, which is heavily advertised by the Smitfraud-C. malware. Usually a trial version of AdwareRemover2007 gets installed without user consent along with other malware like Smitfraud-C.. AdwareRemover 2007 is in close relation to SpySheriff.
[Win32.BabyDel]
Product=Win32.BabyDel
Company=S.A. Dittrich
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.BabyDel copies itself to your system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user. Win32.BabyDel copies itself to your system directory and tries to connect to the internet. It runs in the background.
[Win32.Absturz]
Product=Win32.Absturz
Company=Matthias Bockelkamp
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Absturz lets the PC hang immediately when executed - Optimal for placing in the Startup group Can also be put in any directory with subdirectories because it looks like a folder.
[Win32.Abaddon]
Product=Win32.Abaddon
Company=NoName Security Inc.
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=quote from the author:%0D%0A"The use of Abaddon:%0D%0AWell, to get or give any user any priviledges you want on an NT machine"
Privacy=
Description=Trojan Win32.Abaddon gives an attacker the possibility to gain all computer rights he wants to have.
[Ad-PurgeSpywareAndAdwareRemoverPro]
Product=Ad-PurgeSpywareAndAdwareRemoverPro
Company=Rebrand Software
Threat=malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program pretends to be an anti-spyware program. Same application as SpyShield.
[Win32.Small.ny]
Product=Win32.Small.ny
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.ny disguises as IEXPLORER.EXE in the Windows directory. It connects to a russian server and runs in background without user consent. May be used to establish a botnet.
[Win32.Small.au]
Product=Win32.Small.au
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file runs in background and reads some registry keys.
[Win32.Agent.bxx.rtk]
Product=Win32.Agent.bxx.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs a service called runtime2.sys which hides itself, the registry keys and a connection to the internet from Windows API (rootkit activity). If you need help removing this threat, please contact Team Spybot S&D via forums or email.
[Win32.Agent.atr]
Product=Win32.Agent.atr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file is installed to the system directory and opens a UDP connection. It runs a batch file in background.
[100PercentAntiSpyware]
Product=100PercentAntiSpyware
Company=Scorpio Software
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This application is installed as a free spyware scanner.
Privacy=
Description=The program installs itself into a program folder and runs without user consent. If the user wants to scan or contact the support team, he has to purchase the product.
[CPXinteractive]
Product=CPXinteractive
Company=
Threat=Cookie
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Tracking cookie placed by an advertising server. You get this cookie without notice since the advertising server is usually embedded to normal websites that display advertising from a remote server. The webmaster usually has no control over the advertising content.
[PalTalk]
Product=PalTalk
Company=A.V.M. SOFTWARE, INC.
Threat=Adware
CompanyURL=http://www.paltalk.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an adsupported instant messenger in basic version.
Privacy=
Description=Advertising may include advertising campaigns for malicious software like Winfixer.
[Win32.Agent.ekn]
Product=Win32.Agent.ekn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ekn copies an executable file into the system directory, starts itself in autorun as "Windows SysNotify" without giving the user a possibility to cancel that process.
[SynergeticSoft.PrivacyDefender]
Product=SynergeticSoft.PrivacyDefender
Company=SynergeticSoft
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legit software that can remove usage tracks.
Privacy=
Description=Software is able to remove usage tracks as described. Privacy Defender is sold for about 15$ but vendor hides his identity.
[SpyBouncer]
Product=SpyBouncer
Company=SRC Technologies
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antispyware software.
Privacy=
Description=SpyBouncer has aggressive advertising and uses false positives to urge users to pay for the software. Company hides its address.
[Spy-Killer]
Product=Spy-Killer
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit antispyware tool.
Privacy=
Description=Vendor hides his postal address and has registered his domain through an anonymous domains service. Legit software vendors will not hide themselves.
[MeMedia.AdVantage]
Product=MeMedia.AdVantage
Company=MeMedia Inc. /WhenU
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Advertising component that is bundled with software to make it available without usage fees. Supposed to have contextual advertising delivered 4-5 times per day.
Privacy=By downloading AdVantage (the ôSoftwareö), a product of MeMedia Inc. (ôMeMediaö), you give permission to MeMedia to display relevant contextual pop-up ads, comparison shopping results and coupons while you are online. The Software selects which ads and offers to display based on several factors, including: Web pages you visit, terms you enter into search engines and other online forms, content of the Web pages you view and your IP address and zip code. %0D%0A%0D%0AMeMedia is committed to serving highly relevant, contextual pop-up ads, comparison shopping results and coupons, while still providing consumers with industry-leading privacy protection. The Software protects your privacy by uploading a database of content in small chunks to your computer and then determining on your computer whether to retrieve information from MeMedia or third-party servers. To protect your privacy, the same database of content is sent to all of our users. The determination of which ads to display to an individual user is made on the individual userÆs own computer and isolated from MeMedia servers. In this way, MeMedia is able to deliver relevant coupons, information and advertisements without sending all of your browsing activity back to MeMedia and without establishing any profile about you (even anonymously) on MeMedia servers. %0D%0A%0D%0AYour privacy is also protected in the following manner: %0D%0AYour personally-identifiable information is not required in order to use the Software. MeMedia does not know your individual identity and does not attempt to discern it in any way. %0D%0AMeMedia does not assemble any personally-identifiable browsing profiles of you or your individual machine. %0D%0AMeMedia does not assemble any anonymous machine-identifiable browsing profile of you or your machine. %0D%0AThe Software sends back to MeMedia servers anonymous information from your computer so that we can keep track of the number of users in our network and optimize the performance and relevance of the ads. For example, the Software may send MeMedia or a MeMedia partner a communication that includes information about the Webpage you were viewing when you saw or clicked on a particular ad, the term you entered into a search engine or online form and/or your IP address or zip code. MeMedia has intentionally designed these communications back to MeMedia or a MeMedia partner to be highly protective of user privacy in the following ways: %0D%0A%0D%0AEach individual desktop is assigned an anonymous, unique machine ID. This machine ID is used only to enable MeMedia to count unique, active desktops in the network. The machine ID is not used to determine which ads to serve individual users or to create browsing profiles of users. All Software components will be removed upon uninstallation, except for your anonymous, unique machine ID, which remains in the registry. %0D%0AWhen ads are requested and/or displayed by the Software, impressions and click-throughs, including the factor (e.g., the URL, keyword, search term, IP address, zip code or some combination thereof) that caused the ad to be displayed are reported to MeMedia. %0D%0AThe anonymous information that your computer sends back to MeMedia servers may be shared with MeMedia partners to improve the performance of the Software and to optimize the relevancy of the advertisements. MeMedia uses reasonable commercial efforts to restrict the further dissemination of such anonymous information by such partners. However, MeMedia does not control the activities of our partners and cannot prevent them from using or disseminating such anonymous information.%0D%0A%0D%0A
Description=Advantage runs visible with an icon in the taskbar, it connects to various WhenU and MeMedia sites. Once it completes its requests it will collect information about the user's surfing habits to address him with contextual advertising.%0D%0ABut not all advertising is contextual, on opening google.de a popup/-under will appear that advertises adult contacts. The Firefox add-on that is also installed can be disabled but does not uninstall with the rest of Advantage, it has to be uninstalled manually in contrast to its installation along the other Advantage components. MeMedia is the new company name for WhenU.
[SpyRemover]
Product=SpyRemover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyRemover demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version
[Zlob.Downloader.iec]
Product=Zlob.Downloader.iec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[IEDefender]
Product=IEDefender
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IEDefender claims to be an antispyware solution. It gets installed by the Zlob trojan and gets advertised by popups and fake google search results.
[IE-Improver]
Product=IE-Improver
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=IE-Improver installs by a drive-by installer when the user is visiting a malicious website. If the computer is infected the user gets a lot of pop-up advertisement when he is surfing the web.
[CoolToolBar]
Product=CoolToolBar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CoolToolBar installs a toolbar in the Internet Explorer (IE) which the user cannot uninstall easily. If the user tries to search the internet by using this malicious website the Internet Explorer freezes.
[AntiSpyZone]
Product=AntiSpyZone
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiSpyZone claims to be an antispyware solution that shows harmless entrys as high risk problems. If the user wants to fix this false positives he has to purchase a licence.
[KazaapAdwareAndSpywareRemover]
Product=KazaapAdwareAndSpywareRemover
Company=Opensoft Corporation
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KazaapAdware&SpywareRemover finds threats where there are none. It is a typical rogue antispy program which forces the user to register and buy the full version/the fix of the not existing threats.
[FroggieScan]
Product=FroggieScan
Company=Rebrand Software
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program pretends to be an anti spyware program. Same application as Ad-PurgeSpywareAndAdwareRemoverPro or SpyShield.
[BPSSpyEliminator]
Product=BPSSpyEliminator
Company=BulletProofSoft
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BPSSpyEliminator claims to be a serious antispyware solution. When it is installed on the computer it tries to delete Spybot - Search & Destroy. BPSSpyEliminator seems to be the same application as BPSAdwareStriker.
[MalwareScanner]
Product=MalwareScanner
Company=MalwareRemover.com
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=This should be an anti-malware scanner.
Privacy=
Description=The program is installed through a downloaded .exe file. The program scans the system in search for malware. It flags harmless registry entries as severe risks and when the user wants to fix these entries, he is shown a "buy product" screen. It also leaves registry entries when uninstalled.
[CleanSpaceUltimate]
Product=CleanSpaceUltimate
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=CleanSpaceUltimate is a tool for cleaning temporary files or browser traces on your PC.
Privacy=
Description=CleanSpaceUltimate leaves files and registry entries on the system when deinstalled. It saves system information in some textfiles and offers a 10% disount when purchasing on the first day and a quite suspicious 50% discount when trying to uninstall the program.
[Win32.IrcContact]
Product=Win32.IrcContact
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.IrcContact copies an executable and library file into system directory, starts itself in autorun as "FrameWork 2.5" without giving the user a possibility to cancel that process.
[SoBar]
Product=SoBar
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SoBar installs two services and copes many files to your system. It also installs a BHO which is loaded on every Internet Explorer startup.
[One-Shot-Antivirus]
Product=One-Shot-Antivirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=One-Shot-Antivirus is not an antivirus program but malware. It starts a batch script which creates 3 new useraccounts, restarts the computer, disables taskmanager, controlpanel, run, firewalls, find, searchbuttons, toolbars in the taskbar, context menu etc. An autorentry is created to be loaded on every system startup. After deletion by Spybot Search & Destroy please remove the new useraccounts.
[Pigeon.1604]
Product=Pigeon.1604
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=After execution Pigeon.1604 copies itself into the system directory and creates an autorun entry to be loaded every windows startup. It replaces your default Internet explorer startpage by jychoi.512j.com/malaysi
[Noadware]
Product=Noadware
Company=Marketflip Technologies, LLC
Threat=Malware
CompanyURL=http://www.noadware.net/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NoAdware claims to be a serious antispyware application. It gives warnings for false positives and cookies from sites used by it thus urging the user to buy the software. The domain is registered via domains by proxy to hide proper contact information like a postal address. There are also serious long time false positives of Winpcap. Other products by Marketflip Technologies, LLC are almost identical.
[BPSSpywareRemover]
Product=BPSSpywareRemover
Company=Bulletproofsoft
Threat=Malware
CompanyURL=http://www.bulletproofsoft.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an anti-spyware software
Privacy=
Description=The program is installed through a downloaded .exe file. It produces false positives in order to threaten the user to purchase the full version. It also flags Spybot S&D. Used to have Uses a stolen Spybot-S&D database and is therefore a copyright infringement.
SalisburyID=287
[Virtumonde.ddc]
Product=Virtumonde.ddc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This variant of the Virtumonde trojan horse disguises itself as a domain service and runs in background. It adds itself as a service and bypasses the Windows Firewall. It also changes the settings for Windows File Protection.
[Maxion.MaxnetShield]
Product=Maxion.MaxnetShield
Company=Maxion
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a legit security software
Privacy=
Description=MaxnetShield stands in close relation to Spy-Killer another rogue security software by the same vendor. Maxion hides behind Domains by Proxy thus making it hard for users to get in contact with Maxion if issues with refund should arise, which is intented.
[IESearchToolbarHelper.vbs]
Product=IESearchToolbarHelper.vbs
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be some kind of browser toolbar.
Privacy=
Description=This hijacker installs a browser toolbar which redirects the start and search page to its own malicious website. Searches done with the toolbar redirect to porn sites or fake search sites.
[FakeMSUpdate.ede]
Product=FakeMSUpdate.ede
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Microsoft update.
Privacy=
Description=This trojan horse installs itself as a service and runs in background. It connects to the Internet and sends data about the user's computer.
[DropAgent.rtk]
Product=DropAgent.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Comedy Planet client, software that delivers the user with daily jokes.
Privacy=
Description=DropAgent.rtk installs files and services which are hidden from the Windows API (rootkit functionality), the System Service Description Table (SSDT) is also manipulated to hide the trojan files and services. For help with removal please contact Team Spybot S&D via email or forum ( http://forums.spybot.info/ ).
[Bancos.Qhost.tu]
Product=Bancos.Qhost.tu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a flashplayer installer.
Privacy=
Description=Once the fake flashplayer installer is executed, it installs a fake winlogon.exe in dllcache, a fake jushed.exe in common programs and adds a service.confi executable file to the winlogon to make sure that it gets loaded on system start. The trojan horse hijacks the host file redirecting banking and shopping sites to phishing sites and blocking security sites.
[Awola.Anti-Spyware]
Product=Awola.Anti-Spyware
Company=Awola Development LLC
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a legit anti-spyware software
Privacy=
Description=Awola.Anti-Spyware is a rogue anti-spyware software that shows fabricated threats to urge the user to pay for removal. The threats found cannot be reviewed in detail. Awola hides what is being found and classifies these as a highly critical threat.
[WiperWizard]
Product=WiperWizard
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program is installed through a downloaded .exe file. It produces false positives in order to threaten the user to purchase the full version.
[SpywareAnnihilatorPro]
Product=SpywareAnnihilatorPro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an anti-spyware software
Privacy=
Description=SpywareAnnihilatorPro claims to be an antispyware solution. When it is installed on the computer it finds some harmless entries as high risk problems and the user has to purchase a license to solve this non existing problems.
[SecureMyPC]
Product=SecureMyPC
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an anti-spyware software
Privacy=
Description=SecureMyPC claims to be an antispyware solution. When it is installed on the computer it finds some harmless entries as high risk problems and the user has to purchase a license to solve this non existing problems.
[BPSSpywareStriker]
Product=BPSSpywareStriker
Company=Bulletproofsoft
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an anti-spyware software
Privacy=
Description=The program is installed through a downloaded .exe file. It produces false positives in order to threaten the user to purchase the full version. It also flags Spybot S&D as attackware. It stands in close relation to other rouge products from BulletproofSoft.
[BPSSpywareCops]
Product=BPSSpywareCops
Company=Bulletproofsoft
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an anti-spyware software
Privacy=
Description=The program is installed through a downloaded .exe file. It produces false positives in order to threaten the user to purchase the full version. It also flags Spybot S&D as Attackware. Additionally they have stolen the icon from Symantec.
[SpyLax]
Product=SpyLax
Company=Healthy Computer Club
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyLax finds threats where there are none. It is a typical rogue antispyware program which forces the user to register and buy the full version in order to fix the not existing threats.
[BPSSpywareZapper]
Product=BPSSpywareZapper
Company=spywarezapper.com
Threat=Malware
CompanyURL=http://www.bulletproofsoft.com/
CompanyProductURL=http://www.spywarezapper.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BPSSpywareZapper claims to be a serious antispyware solution. When it is installed on the computer it tries to delete Spybot - Search & Destroy. BPSSpywareZapper seems to be the same application as BPSAdwareStriker.
[SpyViper]
Product=SpyViper
Company=iSnake.net
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The program pretends to be an antispyware program. Same application as Ad-PurgeSpywareAndAdwareRemoverPro or SpyShield.
[SpyStriker]
Product=SpyStriker
Company=Bulletproofsoft
Threat=Malware
CompanyURL=http://www.bulletproofsoft.com/
CompanyProductURL=http://www.spystriker.com/
CompanyPrivacyURL=
Functionality=supposed to be an anti-spyware software
Privacy=
Description=The program is installed through a downloaded .exe file. It produces false positives in order to threaten the user to purchase the full version. It also flags Spybot S&D.
[Win32.Nuclear.ax]
Product=Win32.Nuclear.ax
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Nuclear.ax copies an executable file into the Windows directory, starts itself in autorun as "install" without giving the user a possibility to cancel that process.
[Virtumonde.dl]
Product=Virtumonde.dl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This part of the Virtumonde trojan horse are various downloads made by other parts of Virtumonde. They usually do not come alone. For further help with removal please contact Team Spybot S&D via email detections@spybot.info or forums: http://forums.spybot.info/
[Virtumonde.SecCenter]
Product=Virtumonde.SecCenter
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This is a part of the Virtumonde trojan horse that pretends to be a part of a security center. It gets started at system start and runs in background. It is able to reload other parts of Virtumonde. For further help with removal please contact Team Spybot S&D via email detections@spybot.info or forums: http://forums.spybot.info/
[Virtumonde.Dll]
Product=Virtumonde.Dll
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Part of the Virtumonde trojan horse. These dynamic link libraries get installed as browser helper objects to get loaded with the Internet Explorer. They also get started via winlogon, thus getting started when a user logs on. Removal requires reboot, the Internet Explorer should not be used when infected with Virtumonde. For further help with removal please contact Team Spybot S&D via email detections@spybot.info or forums: http://forums.spybot.info/
[Virtumonde.Crack]
Product=Virtumonde.Crack
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a crack for various software.
Privacy=
Description=This part of the Virtumonde trojan horse is one of the ways it gets installed. It pretends to be a software crack and by the way it installs its malicious other parts and advertising fake anti spyware software. For further help with removal please contact Team Spybot S&D via email detections@spybot.info or forums: http://forums.spybot.info/
[UltraSoft.Xlib]
Product=UltraSoft.Xlib
Company=Ultra Soft
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This malware gets installed along the Virtumonde trojan horse. It runs in background and installs itself without user consent. It may also help in reloading parts of Virtumonde.
[Win32.PePatch.dk]
Product=Win32.PePatch.dk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.PePatch.dk copies an executable file into system directory, adds itself in the firewall list as a good application without giving the user a possibility to cancel that process.
[Win32.Optix.Pro]
Product=Win32.Optix.Pro
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Optix.Pro copies an executable file into system directory, starts itself in autorun as "GLSetIT32" without giving the user a possibility to cancel that process.
[Win32.Delf.xo]
Product=Win32.Delf.xo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.xo copies an executable and library files into system and windows directory, starts itself in autorun as "services" without giving the user a possibility to cancel that process.
[Win32.Delf.arg]
Product=Win32.Delf.arg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.arg starts itself in autorun as "bursa_komp1" and switch off firewall without giving the user a possibility to cancel that process.
[Win32.Banload.evb]
Product=Win32.Banload.evb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banload.evb copies a library file into the system directory, starts itself via an autorun as "ctfmon" and installs a windows service ("netrt") without giving the user a possibility to cancel that process.
[Win32.Bandok.av]
Product=Win32.Bandok.av
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bandok.av copies an executable file into the system directory, starts itself in autorun as "Winrebootrecover" without giving the user a possibility to cancel that process.
[FusionBomber]
Product=FusionBomber
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FusionBomberis a SMS-flooder that sends a series of unwanted SMS-messages to mobile phones.
[Win32.Tiny.abk]
Product=Win32.Tiny.abk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Tiny.abk installs a system service to get started each windows startup. Additionally it tries to contact to some malicious websites to download other malware.
[Win32.Agent.cmn]
Product=Win32.Agent.cmn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.cmn copies itself to the fonts directory of the operating system where it is invisible for the normal user. Afterwards it generates a lot of zip archives including a copy of his own and sents it to malicious website to spread the trojan to other computers.
[ProData.DoctorKeylogger]
Product=ProData.DoctorKeylogger
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ProData.DoctorKeylogger records all keystrokes without the user's awareness or consent about this. It tracks the user's surfing and working behaviour and runs silently in the background of the operating system.
[StartGuard]
Product=StartGuard
Company=StartGuard Software
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=StartGuard scans the currently running processes in order to identify possible threats.
Privacy=
Description=StartGuard flags process entries definitely not being dangerous as riskful (false positives). Knowledge Base on their website uses information found by Google searches.
[SpywareLocker]
Product=SpywareLocker
Company=SpywareLocker
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareLocker claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a license. Related to SpyShredder, AdwareRemover2007, SpywareLocker, BraveSentry and MagicAntiSpy.
[OnlineGuard]
Product=OnlineGuard
Company=OnlineGuard
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=OnlineGuard is a rogue security program that shows false Warning messages. It also shows misleading scan results. It also uses aggressive advertising and can also install through trojan exploits. Same tool as Spywarelocker. Related to SpyShredder, AdwareRemover2007, SpywareLocker, BraveSentry and MagicAntiSpy.
[Win32.Zlob.bbo.rtk]
Product=Win32.Zlob.bbo.rtk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file moves itself to Windows directory and is renamed. The file is hidden from Windows-API (rootkit-functionality). Please scan with an anti-rootkit device. If you have problems with removal, please contact our support.
[VirusProtect]
Product=VirusProtect
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. VirusProtect is the same application as SpywareQuake, SpyCrush and Spylocked and is advertised by fake Windows messages.
[DeepThroat]
Product=DeepThroat
Company=DarkLIGHT Corp
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DeepThroat is a Remote Control Tool, that allows to control someone`s PC over a network.
[Win32.Shark.af]
Product=Win32.Shark.af
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be Windows Update or a porn software.
Privacy=
Description=This trojan horse uses a porn software as a bait to get executed. Once executed the trojan horse adds itself as Windows Update to the system start and continuously sends request to a fixed IP address. The trojan horse is packed with Themida which is supposed to prevent reverse engeneering and/or monitoring with security tools.
[Stration.Warezov]
Product=Stration.Warezov
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse adds itself to the winlogon and several system start entries. It runs in background, downloads additional programs and starts to send spam emails in background. It also adds itself to the Appinit_Dlls which causes its dlls to be loaded with every other program. A symptom is that the qtfcsu.dll failed to get loaded, this error message appears on start of every program. The added Winlogon entry is "admewinr" refering to the file "admewinr.dll" in the system directory. Removal will require to disconnect from the internet and reboot your computer, Spybot S&D will automatically rescan on system start. It is possible that another reboot is required to remove the remains of this trojan horse. For help with removal please contact Team Spybot S&D via email or forums (detections@spybot.info or forums.spybot.info).
[Win32.Virut.ak]
Product=Win32.Virut.ak
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Virut.ak copies an executable file into the system directory, starts itself in autorun as "Windows Network Firewall" without giving the user a possibility to cancel that process.
[Win32.QQPass.nt]
Product=Win32.QQPass.nt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.QQPass.nt copies an executable file into the system directory, starts itself in autorun as "SoundMam" and deactivates the Windows Security Center without giving the user a possibility to cancel that process.
[Win32.PcClient.agu]
Product=Win32.PcClient.agu
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.PcClient.agu copies an executable file into the root directory and starts an executable file in background without giving the user a possibility to cancel that process.
[Win32.Pakes.bqn]
Product=Win32.Pakes.bqn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Pakes.bqn copies an executable file into the system directory, adds itself in policy list as "NTSpool" without giving the user a possibility to cancel that process.
[Win32.Agent.mf]
Product=Win32.Agent.mf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.mf starts itself in autorun as "Advanced DHTML Enable" without giving the user a possibility to cancel that process.
[Win32.Agent.BU]
Product=Win32.Agent.BU
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.BU copies an executable and library file into the system and windows directory, starts itself in autorun as "AVPSrv", "cmdbcs", "DbgHlp32", "GenProtect", "Kvsc3", "LotusHlp", "mppds", "msccrt", "MsIMMs32", "MsPrint32D", "NVDispDrv", "upxdnd" without giving the user a possibility to cancel that process.
[Zlob.Downloader.rid]
Product=Zlob.Downloader.rid
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.MancSync]
Product=Win32.MancSync
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.MancSync installs itself into the system directory of the operating system and claims to be an update for the Windows Messenger. When the computer is infected it connects to the internet and shows pop up advertisement.
[Win32.Porntool.a]
Product=Win32.Porntool.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The tool creates an autorun entry for itself to run on system startup. When it is run, it creates porn pop ups, which cannot be closed with simple techniques. In addition, the taskmanager and registry editor are disabled. The file needs .NET to run.
[Win32.Agent.nn]
Product=Win32.Agent.nn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan registers a library file which has abilities to open internet connections and log google requests. It also creates registry entries.
[WinClear]
Product=WinClear
Company=Marketflip Technologies, LLC
Threat=Malware
CompanyURL=http://www.noadware.net/
CompanyProductURL=http://www.winclear.com/
CompanyPrivacyURL=
Functionality=Supposed to erase usage tracks, like cookies, internet cache, list of used applications and so on.
Privacy=
Description=Software belongs to Marketflip Technologies like the rogue antispyware software NoAdware or Spyware Solver. Its domain is registered through domains by proxy. Neither license nor website state proper contact information or any information about the company. Exaggerated results serve to make the user buy the software.
[Win32.Shark.bw]
Product=Win32.Shark.bw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Windows update.
Privacy=
Description=This trojan horse is a variant of the Win32.Shark trojan horse. It adds itself to the system start as "Windows Update" and runs in background as a file named similar to the svchost.exe. It constantly contacts an IP address in the internet. The trojan horse is packed with Themida which is supposed to prevent reverse engeneering and/or monitoring with security tools.
[SpywareSolver]
Product=SpywareSolver
Company=Marketflip Technologies, LLC
Threat=Malware
CompanyURL=http://noadware.net/
CompanyProductURL=http://spywareresolver.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spyware Solver claims to be a serious antispyware application. It gives warnings about false positives and cookies from sites used by it, thus urging the user to buy the software. The domain is registered via domains by proxy to hide proper contact information like a postal address. There are also serious long time false positives of Winpcap. Other products by Marketflip Technologies, LLC are almost identical. This is the same as NoAdware.
[Smitfraud-C.generic]
Product=Smitfraud-C.generic
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Smitfraud-C.generic is a collection of generic rules for the detection of Smitfraud-C. which installs itself without user consent, fakes legit software, downloads and installs additional malware and/or trojan horses.
[RegistryFix]
Product=RegistryFix
Company=Marketflip Technologies, LLC
Threat=Malware
CompanyURL=http://www.noadware.net/
CompanyProductURL=http://www.registryfix.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Software belongs to Marketflip Technologies like the rogue antispyware software NoAdware or Spyware Solver. Its domain is registered through domains by proxy. Neither license nor website state proper contact information or any information about the company. False positives and warning messages serve to make the user buy the software. This software is identical to ErrorClean which is also from Marketflip Technologies.
[ErrorClean]
Product=ErrorClean
Company=Marketflip Technologies, LLC
Threat=Malware
CompanyURL=http://www.noadware.net/
CompanyProductURL=http://www.errorclean.com/
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Software belongs to Marketflip Technologies like the rogue antispyware software NoAdware or Spyware Solver. Its domain is registered through domains by proxy. Neither license nor website state proper contact information or any information about the company. False positives and warning messages serve to make the user buy the software. This software is identical to RegistryFix which is also from Marketflip Technologies.
[Zlob.Downloader.jot]
Product=Zlob.Downloader.jot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.BHO.je]
Product=Win32.BHO.je
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library to a directory called "Helper" or "404 Helper". Once installed the product nags the user with advertising pop-ups for "Best Selling Antivirus" software.
[Win32.VB.ays]
Product=Win32.VB.ays
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.ays changes shell parameters in the registry without giving the user a possibility to cancel that process.
[Win32.VB.ang]
Product=Win32.VB.ang
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.ang starts itself in autorun using a randomized value without giving the user a possibility to cancel that process.
[Win32.SCKeyLog.au]
Product=Win32.SCKeyLog.au
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SCKeyLog.au copies an executable and library file into the system directory, starts itself via Winlogon as "hanghang" without giving the user a possibility to cancel that process.
[Win32.Benvie]
Product=Win32.Benvie
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Benvie copies an OCX-file into the system directory without giving the user a possibility to cancel that process.
[Win32.Banker.cuk]
Product=Win32.Banker.cuk
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banker.cuk starts itself in autorun as "SymantecFilterCheck" without giving the user a possibility to cancel that process.
[Win32.AutoRun.aiv]
Product=Win32.AutoRun.aiv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.AutoRun.aiv copies an executable file into the system directory, starts itself as a service "DE5BD8A7 ", "SYS1", "SYS", "SYS3" and restarts Windows without giving the user a possibility to cancel that process. It also connects to its malicious website and downloads additional executables.
[Win32.Agent.ph]
Product=Win32.Agent.ph
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ph changes boot.ini and blocks Windows start.
[SpyBossPro]
Product=SpyBossPro
Company=Gear Box Computer Software
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyBossPro installs to the program files directory and runs silently in the background. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Protexis.RecOnServer]
Product=Protexis.RecOnServer
Company=Protexis
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Commercial Spyware
Privacy=
Description=If the client of Protexis.RecOnServer is installed on the system it sends all personal information e.g. keystrokes, screenshots of your work and network traffic to a malicious website where it is possible to spy on the user.
[Qwertystudio.MOD]
Product=Qwertystudio.MOD
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Qwertystudio.MOD installs to the program files directory and runs silently in the background. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Win32.Adrenaline.a]
Product=Win32.Adrenaline.a
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Adrenaline.a copies a few executable files into the root directory without giving the user a possibility to cancel that process. Also creates an autorun entry similar to Windows startup entries (UINotify) to be started on every system start.
[Win32.Agent.bfj]
Product=Win32.Agent.bfj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bfj copies executable files into the system directory, connects to the internet in background and downloads files without giving the user a possibility to cancel that process. Additionally it adds itself to the SecurityProviders registry key.
[Win32.Agent.bxh]
Product=Win32.Agent.bxh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bxh copies an executable file into the temp directory, starts itself in autorun as "Winupdates" without giving the user a possibility to cancel that process. Installs itself in the regsitry and sets the lpld3.exe on the list of authorized applications to bypass the windows firewall.
[Win32.Delf.afm]
Product=Win32.Delf.afm
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.afm connects to the internet in background and downloads files without giving the user a possibility to cancel that process.
[Win32.Nakuru.a]
Product=Win32.Nakuru.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Nakuru.a copies an executable file into system directory, starts itself in services as "kspooldaemon" without giving the user a possibility to cancel that process.
[Win32.Rbot.bdu]
Product=Win32.Rbot.bdu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Rbot.bdu copies an executable file into system directory, starts itself in autorun and in services as "Microsoft Update 32" without giving the user a possibility to cancel that process.
[Win32.BHO.acw]
Product=Win32.BHO.acw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs a .dll file into the system directory which is registered as a browser helper object. It creates several registry entries.
[Win32.Qhost.abh]
Product=Win32.Qhost.abh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse gets installed by other trojan horses like Virtumonde. It adds itself to the security providers to get started automatically.
[Clickspring.OuterInfo]
Product=Clickspring.OuterInfo
Company=Clickspring LLC
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=advertising software
Privacy=
Description=Clickspring.Outerinfo is able to install without user consent and with no reference to uninstall the software. It installs itself to the Internet Explorer and FireFox. It also runs in background and starts the Internet Explorer with popup windows.
[Win32.Sohanad.as]
Product=Win32.Sohanad.as
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Sohanad.as copies an executable file into the system directory, starts itself in autorun as "Yahoo Messengger" without giving the user a possibility to cancel that process. It also changes settings in the registry in order to block the Windows registry editor and task manager.
[Win32.Small.ih]
Product=Win32.Small.ih
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.ih copies an executable file into the Windows directory and authorizes itself for the Windows Firewall without giving the user a possibility to cancel that process. It compromises the Windows safe mode feature. It also loads Smithfraud-C. variants.
[WinXDefender]
Product=WinXDefender
Company=WinXDefender
Threat=Malware
CompanyURL=winxdefender.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinXDefender claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to buy a license.
[Win32.Delf.bvz]
Product=Win32.Delf.bvz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse pretends to be a video and launches the Windows Media Player. It has abilities to download files and to get in contact with servers.
[Win32.Agent.gvu]
Product=Win32.Agent.gvu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=[...]The Multimedia Decoder Software will show you a limited number of ads that pop up on your screen in a separate browser. The ads are based on keywords from the websites you visit.[...]
Description=The trojan installs a .dll file as a browser helper object (BHO). It is able to produce popups and download files without user consent.
[Win32.Agent.gs]
Product=Win32.Agent.gs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The file runs in background. It is able to delete and create files and connects to the internet.
[Fotomoto]
Product=Fotomoto
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan creates registry entries and connects to the internet. It changes a registry entry which ensures that Windows File Protection gives notification on replacement of system files. If you have changed this value yourself, you may uncheck/exclude this detection.
[Zlob.Downloader.ol]
Product=Zlob.Downloader.ol
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Zlob.Downloader.ol trojan downloads and installs malware to infected computers for example the Emlkdvo Toolbar
[Win32.Banker.ekn]
Product=Win32.Banker.ekn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse pretends to be Windows Defender or other legit files from Microsoft. It runs in background, connects to various email servers and installs a service named "GbpSv".
[Dozorce.Spy]
Product=Dozorce.Spy
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Dozorce.Spy is a commercial spyware that can be used to spy on other users. It can access the internet, the users webcam, take screenshots, log keystrokes and hides itself in background.
[Zlob.Downloader.wot]
Product=Zlob.Downloader.wot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.Banker.BCN]
Product=Win32.Banker.BCN
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan Win32.Banker.BCN copies to the system directory of the operating system and tries to install an application that sends out lot of spam mails. When the user wants to restart the computer the trojan causes that Windows freezes.
[Win32.VB.jl]
Product=Win32.VB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.jl tries to connect to the internet. When connected to a server it waits for new orders to spy on the user. It disguises as a system file.
[Win32.Agent.p]
Product=Win32.Agent.p
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.p overwrites the Internet Explorer in order to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[Backdoor.Nok-Nok]
Product=Backdoor.Nok-Nok
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Backdoor.Nok-Nok hides in the system directory. When connected to a server it waits for new orders to spy on the user or to damage the system.
[Win32.Agent.oc]
Product=Win32.Agent.oc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan tries to connect to the internet via the Internet Explorer in background and install a wallpaper on the users desktop.
[MalwareCrush]
Product=MalwareCrush
Company=Malwarecrush
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=The product claims to be an antispyware solution.
Privacy=
Description=MalwareCrush claims to be an antispyware solution. If it is installed on the computer it detects some cookies as spyware. In order to fix these problems, the user needs to purchase a licence. The software is (nearly) the same as SpywareQuake and related programs.
[Win32.IRCBot.chz]
Product=Win32.IRCBot.chz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself to the system directory and tries to connect to an IRC server. It creates an autorun entry in order to run at the system startup.
[Doctor-Adware]
Product=Doctor-Adware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Doctor-Adware claims to be an antispyware solution. When it is installed on the computer it shows a lot of harmless cookies, browser helper objects and autorun entries as high risk spyware problems. These entries has been installed by Doctor-Adware itself. When the user wants to fix this false positives he has to purchase a licence.
[AntiSpyStorm]
Product=AntiSpyStorm
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiSpyStorm claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix this false positives he has to purchase a licence.
[Zlob.Downloader.xot]
Product=Zlob.Downloader.xot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Zlob.Downloader.dcc]
Product=Zlob.Downloader.dcc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.Agent.bkd]
Product=Win32.Agent.bkd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library into the system directory. This file creates unwanted popups linking to malicious websites.
[Win32.Autorun]
Product=Win32.Autorun
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Autorun copies an exetutable file into the system and windows directories. It starts itself via autorun.inf located on the system drive, without giving the user a possibility to cancel that process. Also changes standard settings for .reg- and .vbs extentions in registry
[Win32.Alphabet.ap]
Product=Win32.Alphabet.ap
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Alphabet.ap copies an executable file into the windows directory, starts itself via autorun as "lsass" without giving the user a possibility to cancel that process.
[Win32.Bagle.hi]
Product=Win32.Bagle.hi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bagle.hi copies itself into the system directory of the operating system and installs a service that hides the executable files from security software. Additionally it replaces some legit autorun files to be launched at the startup, so it is very difficult to discover this trojan. CAUTION: Spybot may find some files with origin file names that got changed by Win32.Bagle.hi. It is necessary to remove those files. Please restart Windows after removing process has been completetd.
[NiceSpy.XPKeylogger]
Product=NiceSpy.XPKeylogger
Company=YL Computing Inc.
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NiceSpy.XPKeylogger tracks the user's surfing and working behaviour. NiceSpy.XPKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. Same application as NiceSpy.Keylogger.
[NiceSpy.Keylogger]
Product=NiceSpy.Keylogger
Company=NiceSoft Studio
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NiceSpy.Keylogger tracks the user's surfing and working behaviour. NiceSpy.Keylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. Same application as NiceSpy.XPKeylogger.
[Safestrip]
Product=Safestrip
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Safestrip scans the system looking for spyware with outdated detection rules. It will find security risks and when the user tries to fix those he has to purchase a license. A reminder pops up every few minutes to urge the user to register.
[Win32.Small.hk]
Product=Win32.Small.hk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan uses a running Internet Explorer to create a html-file which can be submitted to a foreign server.
[WebWatcher]
Product=WebWatcher
Company=Awareness Technologies Inc.
Threat=Spyware
CompanyURL=http://www.awarenesstech.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WebWatcher installs to the system directory and runs silently in the background. It records all keystrokes and visited websites and creates screenshots of all used applications so it is possible to spy on the user. Additionally WebWatcher claims that there is no security tool that can stop its doing.
[Win32.Delf.uv]
Product=Win32.Delf.uv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.uv copies executable, library and data (as fonts) files into the windows/fonts directory, starts itself via autorun as "MsPrint32D", "NAVMon32", "PTSShell", "TBMonEx", "upxdnd", "WinForm", "WSockDrv32" and in autorun.inf without giving the user a possibility to cancel that process.
[Win32.Small.BB]
Product=Win32.Small.BB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.BB copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Win32.SDBot.BHLK]
Product=Win32.SDBot.BHLK
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SDBot.BHLK copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[Zlob.Downloader.tnd]
Product=Zlob.Downloader.tnd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library to the Windows directory, creates a toolbar within the internet explorer which links to rogue software sites.
[Zlob.Downloader.se]
Product=Zlob.Downloader.se
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library to the Windows directory and creates a toolbar within the internet explorer which links to rogue software sites.
[Zlob.Downloader.gen]
Product=Zlob.Downloader.gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan Downloader. Generic detection rules for Zlob - a trojan that installs a library to the Windows directory, creates a Browser Helper Object within the internet explorer which links to rogue software sites.
[Zlob.Downloader.eaw]
Product=Zlob.Downloader.eaw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library to the Windows directory, creates a Browser Helper Object within the internet explorer which links to rogue software sites.
[Win32.Agent.oh]
Product=Win32.Agent.oh
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library to the windows directoy and installs a toolbar within the internet explorer which links to rogue software sites.
[Win32.Harnig.bn]
Product=Win32.Harnig.bn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Harnig.bn copies executable and library files into the system and the windows directory, it adds itself to the windows firewall list as a good application without giving the user a possibility to cancel that process.
[Win32.Agent.ea]
Product=Win32.Agent.ea
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ea copies an executable file into the windows directory, starts itself via autorun as "msnmsgsgsfa32" without giving the user a possibility to cancel that process.
[Win32.Lineage.bus]
Product=Win32.Lineage.bus
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Lineage.bus copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer.
[AdvancedCleaner]
Product=AdvancedCleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdvancedCleaner claims to search your computer for traces of adult content that could be a risk for your reputation. If the user scans with AdvancedCleaner it will find hundreds of possible items e.g. Internet history that could contain such adult content. When the user wants to delete these false traces he has to purchase a license.
[Win32.Delf.dsf]
Product=Win32.Delf.dsf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to download malicious files from a server without user consent.
[Firehole]
Product=Firehole
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan tries to connect to a server via Internet Explorer and sends a message. Thus it may prove that it is able to bypass the personal firewall.
[Win32.Delf.aoa]
Product=Win32.Delf.aoa
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.aoa installs a library file to the system directory and creates a browser helper object within the internet explorer which links to rogue software sites. Win32.Delf.aoa is a member of the Smitfraud family.
[Win32.Sohanad.t]
Product=Win32.Sohanad.t
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Sohanad.t copies executable files into the windows and the system directories and starts itself via autorun as "Yahoo Messengger" without giving the user a possibility to cancel that process. Additionally Win32.Sohanad.t disables the possibility to enter the registry editor and the task manager.
[Win32.RJump.c]
Product=Win32.RJump.c
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.RJump.c copies an executable file into the windows directory, starts itself in autorun as "Bittorrent" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Expiro]
Product=Win32.Expiro
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Win32.Expiro injects itself into executable files on the infected computer.
[SpyMail]
Product=SpyMail
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Commercial Spyware for Outlook Express.
Privacy=
Description=When SpyMail is installed on the system it tries to spy out users mails from Outlook Express. Additionally it is able to send all mails to another email address without the users awareness.
[ErrorSweeper]
Product=ErrorSweeper
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ErrorSweeper claims to be a security software. When it is installed on the computer it finds harmless entries as high risk security problems. To fix these false issues the user has to purchase a licence.
[SpyLantern]
Product=SpyLantern
Company=Spydex, Inc
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyLantern tracks the users surfing and working behaviour. SpyLantern creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. SpyLantern hides itself using rootkit functions.
[Win32.Delf.dch]
Product=Win32.Delf.dch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan opens TCP/IP-connections to russian mail servers in background without the users awareness.
[Maxadult]
Product=Maxadult
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This illegal dialer copies itself to the system drive and creates shortcuts to an italian pornsite and to the file itself.
[Win32.VNC.a]
Product=Win32.VNC.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VNC.a disguises itself as system files and starts itself as "WinXpSecurty". All files get installed to a directory "dos" in the system directory.
[Win32.PolyCrypt.d]
Product=Win32.PolyCrypt.d
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.PolyCrypt.d connects to the internet in background and downloads malicious executable files.
[Win32.Delf.s]
Product=Win32.Delf.s
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.s copies an executable and library files into system directory, starts itself in autorun and winlogon as "$system" without giving the user a possibility to cancel that process.
[Win32.Agent.dlo]
Product=Win32.Agent.dlo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When the computer is infected with Win32.Agent.dlo it continuously restarts the operating system.
[WinKey.StealthKeylogger]
Product=WinKey.StealthKeylogger
Company=Amplusnet
Threat=Keylogger
CompanyURL=amplusnet.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinKey.StealthKeylogger tracks the user's surfing and working behaviour. WinKey.StealthKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and hence makes it possible to spy on the user.
[SolidKeylogger]
Product=SolidKeylogger
Company=Virtuoza
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SolidKeylogger tracks the user's surfing and working behaviour. SolidKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Zlob.Downloader.anz]
Product=Zlob.Downloader.anz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library file to the windows folder. Creates an autorun entry and links to rogue malware sites.
[Win32.Delf.dgb]
Product=Win32.Delf.dgb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library file to the system folder and a browser helper object within the internet explorer. This product connects to rogue software sites and downloads different trojans. Member of the Zlob family.
[VirusHeat]
Product=VirusHeat
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. VirusHeat is the same application as VirusProtect, SpywareQuake, SpyCrush and Spylocked and is advertised by fake Windows messages.
[Win32.Tibia.aj]
Product=Win32.Tibia.aj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Tibia.aj copies executable files into system and c:\windows\system directories, starts itself in autorun as "system" and "SysCtrl" without giving the user a possibility to cancel that process.
[Win32.Rungbu.a]
Product=Win32.Rungbu.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Rungbu.a copies an executable file into the system directory and starts itself in autorun as "kava" without giving the user a possibility to cancel that process. It also connects to the internet in background and downloads executable files from a malicious server.
[Win32.Agent.bpb]
Product=Win32.Agent.bpb
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bpb installs executable files into the system directory and starts itself as service ("Windows Intelligent Smart") without giving the user a possibility to cancel that process.
[PassStealer]
Product=PassStealer
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PassStealer searches the computer for passwords and saves them in a *.psf file, which is located at Windows\System32\ and named somelike PassStealerVx_x.psf. This software acts in the background without giving the user a possibility to cancel that process.
[RegistrySmart]
Product=RegistrySmart
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegistrySmart claims to be an antispyware solution. When the user scans his computer with RegistrySmart hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. RegistrySmart is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[RegistryBot]
Product=RegistryBot
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegistryBot claims to be an antispyware solution. When the user scans his computer with RegistryBot hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. RegistryBot is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[RegRecall]
Product=RegRecall
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegRecall claims to be an antispyware solution. When the user scans his computer with RegRecall hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. RegRecall is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[RegClean]
Product=RegClean
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegClean claims to be an antispyware solution. When the user scans his computer with RegClean hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. RegClean is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[PrivacyControl]
Product=PrivacyControl
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PrivacyControl claims to be an antispyware solution. When the user scans his computer with PrivacyControl hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. PrivacyControl is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[Fake.SpywareRemover]
Product=Fake.SpywareRemover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.SpywareRemover claims to be an antispyware solution. When the user scans his computer with Fake.SpywareRemover hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. Fake.SpywareRemover is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[EvidenceEraser]
Product=EvidenceEraser
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EvidenceEraser claims to be an antispyware solution. When the user scans his computer with EvidenceEraser hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. EvidenceEraser is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[ErrorSmart]
Product=ErrorSmart
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ErrorSmart claims to be an antispyware solution. When the user scans his computer with ErrorSmart hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. ErrorSmart is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[AdwareBot]
Product=AdwareBot
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AdwareBot claims to be an antispyware solution. When the user scans his computer with AdwareBot hundreds of alleged problems will be found. If the user wants to fix this misidentified threads he has to purchase a licence. AdwareBot is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[Wintouch]
Product=Wintouch
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Wintouch is installed with 3rd party programs or trojans without user consent. It is able to create popups or popunders and collect user data.
[Zlob.Downloader.sot]
Product=Zlob.Downloader.sot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojan downloader.
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This variant also changes the dhcp name server.
[SpySnipe]
Product=SpySnipe
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpySnipe claims to be an antispyware solution. When the user scans his computer with SpySnipe hundreds of alleged problems will be found. If the user wants to fix these misidentified threads he has to purchase a licence.
[Spambot.kf]
Product=Spambot.kf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spambot.kf is spread via MSN and email. When the computer is infected the trojan creates a service, an autorun entry and starts to send hundreds of mails via smtp. Additionally it tries to send itself to all MSN contacts.
[RegistryClear]
Product=RegistryClear
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegistryClear claims to be an antispyware solution. When the user scans his computer with RegistryClear hundreds of alleged problems will be found. If the user wants to fix these misidentified threads he has to purchase a licence. RegistryClear is in close relation to SpywareBOT, AdwareAlert and other malicious software.
[Marketflip.FakeSearchAndDestroy]
Product=Marketflip.FakeSearchAndDestroy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Marketflip.FakeSearchAndDestroy tries to trick the user with a similar name of the well known antispyware application "Spybot - Search and Destroy". When Marketflip.FakeSearchAndDestroy is installed on the computer it tries to make the user believe that the comuter is infected with hundreds of malware issues. When the user wants to clean the system he has to purchase a licence. Marketflip.FakeSearchAndDestroy is in close relation to NoAdware and Registryfix, both well known rogue antispyware tools.
[Win32.Agent.icb]
Product=Win32.Agent.icb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs itself as a library file into the system directory and creates some encrypted files in the help directory. It adds some registry entries and changes the user32.dll. This file has to be restored manually (a copy of it exists under random name in the system directory). It connects to the internet and loads the installed library file in the system directory via the changed user32.dll and winlogon.exe. It is able to send e-mails and terminate processes.
[Win32.BHO.abo]
Product=Win32.BHO.abo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in background, installs itself as a browser helper object (BHO) to get started with the Internet Explorer. It also installs a service which starts this trojan horse at system start. It runs in background and connects to its malicious websites.
[ShudderLtd.AntiVirusPro]
Product=ShudderLtd.AntiVirusPro
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse pretends to be a legit antivirus software. But it silently gets downloaded by trojan horses and gets promoted by false security warnings to make the user buy this fraud software.
[DL.Small.ddp]
Product=DL.Small.ddp
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse installs itself as browser helper object (BHO) to get started with the Internet Explorer, it also registers itself in Winlogon to get started on user logon. It runs in background, connects to the internet and downloads other malicious files.
[NousTech.SystemDefender]
Product=NousTech.SystemDefender
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NousTech.SystemDefender claims to be a legit antispy software. It gets promoted or downloaded by trojan horses like Virtumonde. Its scan finds intentional false positives or less relevant parts of malware to make the user buy NousTech.SystemDefender. The company name is hidden by domains by proxy and not stated anywhere in the software nor on its website. NousTech.UDefender, NousTech.UCleaner and NousTech.SysCleaner are almost identical.
[NousTech.SysCleaner]
Product=NousTech.SysCleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=NousTech.SysCleaner claims to be a legit privacy software. It gets promoted or downloaded by trojan horses like Virtumonde. Its scan finds intentional false positives and does not allow the user to see the details of the scan unless NousTech.SysCleaner is purchased, removal of the findings also requires purchase. The company name is hidden by domains by proxy and not stated anywhere in the software nor on its website. NousTech.UDefender, NousTech.UCleaner and NousTech.SysCleaner are almost identical.
[Zlob.Downloader.sg]
Product=Zlob.Downloader.sg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan downloader which installs a library to the windows directory and creates an autorun entry. It also generates faked "Windows Security Alerts".
[Zlob.Downloader.mld]
Product=Zlob.Downloader.mld
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.VB.ck]
Product=Win32.VB.ck
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.ck installs executable files into the root directory, creates invisible start menu items (Run). It also blocks Windows TaskManager, RegEdit and changes the Internet Explorer startpage.
[WinSpyKiller]
Product=WinSpyKiller
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinSpyKiller gets installed on the computer without user consent. When it is installed on the computer it will find some high risk malware (that does not really exist) and that can only be removed by purchasing a license.
[Win32.Dialer.aeh]
Product=Win32.Dialer.aeh
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Dialer.aeh hijacks the start page of your Internet Explorer to a website containing adult content and tries to establish an expensive dial-up connection.
[SpywareBOT.SpywareStop]
Product=SpywareBOT.SpywareStop
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareBOT.SpywareStop gets installed on the computer without user consent. When it is installed on the computer it will find some high risk malware (that does not really exist) and that only can be removed by purchasing a license.
[XPAdvancedKeylogger]
Product=XPAdvancedKeylogger
Company=XP-Tools
Threat=Keylogger
CompanyURL=xp-tools.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=XPAdvancedKeylogger tracks the user's surfing and working behaviour. XPAdvancedKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. Also it is able to block chosen programs like antispyware or antivirus tools.
[Win32.Agent.jmh]
Product=Win32.Agent.jmh
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan connects to a brasilian website and opens a browser window. An additonal browser instance is run in background and downloads a fake .dll file into the system directory. This file gets registered with regsvr32.exe.
[Virtumonde.sdn]
Product=Virtumonde.sdn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Virtumonde.sdn consists of Virtumonde variants that load themselves into the Winlogon to get started on system log on. They also run as browser helper objects to take control of the users internet surfing. Virtumonde variants usually promote or install fake security software, they also install pop up advertising and other malware.
[Virtumonde.mhg]
Product=Virtumonde.mhg
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Virtumonde.mhg consists of Virtumonde variants that load themselves into the Winlogon to get started on system log on. They also run as browser helper objects to take control of the users internet surfing. Virtumonde variants usually promote or install fake security software, they also install pop up advertising and other malware.
[SpywareRemover]
Product=SpywareRemover
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareRemover is a fake antispyware solution that promotes itself with faked or exaggerated scan results to make the user purchase this fraud software. It also exploits the name of SpyRemover.
[SpywareLocked]
Product=SpywareLocked
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareLocked is a fake antispyware solution that promotes itself with faked or exaggerated scan results to make the user purchase this fraud software.
[SpyHeals]
Product=SpyHeals
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyHeals is a fake antispyware solution that promotes itself with faked or exaggerated scan results to make the user purchase this fraud software.
[Smitfraud-C.gp]
Product=Smitfraud-C.gp
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Smitfraud-C.gp is a collection of Smitfraud-C. variants. These variants usually get installed by exploits, social engineering or bundled with other malware. They also download other malware and trojan horses. Symptoms include unknwon browser helper objects, fake security messages, fake security software, pop up advertising, browser redirects or hijacking.
[SWAgent]
Product=SWAgent
Company=Deep Software
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SWAgent is a commercial keylogger also known as Activity Monitor Agent. It can record a user's keystrokes and send them to the attacker who installed the keylogger.
[MalwareWipePro]
Product=MalwareWipePro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareWipePro is a so called rogue antispy software. It urges the user to purchase the software by showing intentional false positives and/or exaggerated scan results.
[FakeAlert.mhg]
Product=FakeAlert.mhg
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=FakeAlert.mhg is a malware that installs without user consent. It stays in background until it shows fake security messages that recommend false security software.
[Banker]
Product=Banker
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=These Banker trojan horses disguise themselves as system files and browser helper objects (BHO). They run in background, connect to their malicious websites and try to perform phishing attacks on banking accounts.
[AntiVerminser]
Product=AntiVerminser
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiVerminser is a fake antispyware software that urges the user to pay for a fake protection against exaggerated threats.
[AntiVermeans]
Product=AntiVermeans
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiVermeans is a fake antispyware software that urges the user to pay for a fake protection against exaggerated threats.
[Zlob.Downloader.bs]
Product=Zlob.Downloader.bs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a library to the windows directory and creates an autorun entry. File links to rogue malware sites.
[WinPerformance]
Product=WinPerformance
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=System optimizing software
Privacy=
Description=WinPerformance is a misleading security and system application which reports false problems on the computer. The user is prompted to pay in order to remove the detected "errors", which are mostly false positives and exaggerated alerts. Classified as malware. This application was either manually installed through misleading advertising or by a trojan downloading file (e.g. a fake codec installer). In the last case it was installed without user consent and there will be traces of other malware and adware files on your computer, probably Renos and Smitfraud variants. In other words: a full scan with Spybot - Search & Destroy is well advised.
[SpyBuddy]
Product=SpyBuddy
Company=ExploreAnywhere Software
Threat=Keylogger
CompanyURL=http://exploreanywhere.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyBuddy tracks the user's surfing and working behaviour. SpyBuddy creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Windots]
Product=Windots
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Windots creates registry and autorun entries and installs files into the system directory. It is often bundled with Doublepoint.
[Win32.Zhelatin.vg]
Product=Win32.Zhelatin.vg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs a service in order to run at system startup. This file connects to the internet in background and is able to communicate with other servers to receive orders.
[Win32.Gamec.cq]
Product=Win32.Gamec.cq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan connects to the internet and tries to download further files. Pretends to be a Yahoo! file.
[MalWarrior]
Product=MalWarrior
Company=Adsl Software Ltd.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalWarrior claims to be an antispyware solution. If it is installed on the computer it detects various threats on the computer. In order to fix these problems, the user needs to purchase a license.
[Doublepoint]
Product=Doublepoint
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Doublepoint is installed via dpup.exe without user consent. It creates a program folder, registry and autorun entries. It is often bundled with windots. It also connects to a webserver in background.
[BaiduBar]
Product=BaiduBar
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The application installs a toolbar (without user consent). This toolbar shows links to advertising sites. When uninstalled several registry entries and files remain on the system.
[Alertline]
Product=Alertline
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Installs a service, a browser helper object and an autorun entry. May monitor browser activity in order to display content related pop ups.
[FakeAlert.cc]
Product=FakeAlert.cc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a Windows Security Center warning message.
Privacy=
Description=Fakealert is a malware or trojan file that installs a browser helper object or an Internet Explorer toolbar which links to rogue malware sites. This trojan invokes fake and misleading warning and security messages. Special thanks to CastelCops« for additional infos.
[Cleanator]
Product=Cleanator
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Cleanator claims to be a security tool. When the user scans his computer with Cleanator hundreds of alleged problems will be found. If the user wants to fix these misidentified threads he has to purchase a licence.
[Win32.EESbinder]
Product=Win32.EESbinder
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.EESbinder installs executable files into the system directory of the operating system without giving the user a possibility to cancel that process. It hides itself by bundling with another piece of software. Win32.EESbinder is started together with the other software.
[Win32.Dropper.Agent.byv]
Product=Win32.Dropper.Agent.byv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Dropper.Agent.byv copies itself to the system directory of the operating system and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user. Win32.Dropper.Agent.byv makes the computer insecure and so it is easy for other trojans to infiltrate the computer.
[StaticX]
Product=StaticX
Company=Structured designs inc.
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=StaticX tracks the user's surfing and working behaviour. StaticX creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[SpywareIsolator]
Product=SpywareIsolator
Company=SpywareIsolator Software Ltd.
Threat=Malware
CompanyURL=SpywareIsolator Software Ltd.
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareIsolator claims to be an antivirus solution. If it is installed on the computer it detects some spywares even if the computer is a totally clean machine. If the user wants to fix these problems, he has to purchase a license.
[SpyMyPC]
Product=SpyMyPC
Company=Benutec Software, Inc.
Threat=Keylogger
CompanyURL=http://Benutec.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyMyPC tracks the user's surfing and working behaviour. SpyMyPC creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[SpyKeylogger]
Product=SpyKeylogger
Company=Spy-Key-Logger.com
Threat=Keylogger
CompanyURL=http://spy-key-logger.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyKeylogger tracks the user's surfing and working behaviour. SpyKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Zlob.HQVideoCodec]
Product=Zlob.HQVideoCodec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.OnLineGame.jun]
Product=Win32.OnLineGame.jun
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.OnLineGame.jun copies an executable and library files into the Windows directory without giving the user a possibility to cancel that process.
[Win32.BKClient]
Product=Win32.BKClient
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.BKClient copies an executable file into the Windows directory, starts itself as "PowerManager"-service without giving the user a possibility to cancel that process.
[Win32.Alman]
Product=Win32.Alman
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Alman reboots the PC after the infection has been completed without giving the user a possibility to cancel that process.
[RysioLogger]
Product=RysioLogger
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RysioLogger copies an executable file into the Windows directory, starts itself via autorun as "AntyVirus" and "gadu-gadu" without giving the user a possibility to cancel that process.
[Hupigon.cbs]
Product=Hupigon.cbs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hupigon.cbs copies an executable file into the Windows directory, starts itself as "ClipBook"-service without giving the user a possibility to cancel that process.
[CoolWWWSearch.OleHelp]
Product=CoolWWWSearch.OleHelp
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CoolWWWSearch.OleHelp copies executable files into the Windows and root directories, starts itself via autorun as "SVCHOST" without giving the user a possibility to cancel that process.
[Win32.VB.sj]
Product=Win32.VB.sj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.sj copies itself to the system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[Win32.GBDialer.j]
Product=Win32.GBDialer.j
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.GBDialer.j copies itself to the system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[SubSeven]
Product=SubSeven
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SubSeven copies itself to your system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[Wannnadoo]
Product=Wannnadoo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Wannnadoo installs itself in the registry and Windows directory. It runs Internet Explorer in background and establishes a direct connection to a server over a Tcp-port. Please reboot your PC in order to fix this threat.
[Injector.u]
Product=Injector.u
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Injector.u installs itself into the System directory and creates an autorun entry. The trojan tries to establish a connection to a webserver.
[PlatinumPartner]
Product=PlatinumPartner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=PlatinumPartner websites are supposed to provide payed download access to certain software or other content.
Privacy=
Description=Most of the downloadable content is freeware while non-freeware includes rogue security tools. PlatinumPartner websites are usually registered anonymously.
[Zlob.Downloader.vot]
Product=Zlob.Downloader.vot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This trojan also changes the DNS settings.
[Zlob.Downloader.idt]
Product=Zlob.Downloader.idt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[AntiSpyKit]
Product=AntiSpyKit
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. AntiSpyKit is advertised by fake security and Windows messages.
[Win32.Webmoner.co]
Product=Win32.Webmoner.co
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Webmoner.co starts itself in autorun via "NeroFilterCheck" trying to disguise as a legit application, without giving the user a possibility to cancel that process.
[Win32.VB.bpv]
Product=Win32.VB.bpv
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.bpv copies an executable file named server.exe into the Windows directory and runs in the background without giving the user a possibility to stop that process.
[Win32.Poison.pg]
Product=Win32.Poison.pg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Poison.pg copies an executable file into the system directory, starts itself disguised as "icq" via autorun without giving the user a possibility to cancel that process.
[Win32.Krotten.ex]
Product=Win32.Krotten.ex
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Krotten.ex makes invisible StartMenu Items (ControlPanel, Pribter, Shutdown etc..). Disables also TaskManager, RegEdit, the ability to close Internet Explorer(IE). It also changes the IE startsite.
[Win32.IRCBot.auf]
Product=Win32.IRCBot.auf
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.IRCBot.auf starts itself as "ntndis"-service, changes shell settings in the registry without giving the user a possibility to cancel that process. May also connect to malicious websites like http://www.superc*******.***
[Win32.Agent.pn]
Product=Win32.Agent.pn
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.pn copies executable and library files into the windows directory, tries to hide using file names similar to legit system files.
[Win32.Agent.bno]
Product=Win32.Agent.bno
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bno copies an executable file into the Windows directory, starts itself in autorun as "sysload".
[Hupigon.dsx]
Product=Hupigon.dsx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hupigon.dsx copies an executable file into the Windows directory, starts itself as "555"-service.
[Win32.Agent.AQ]
Product=Win32.Agent.AQ
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.AQ copies an executable file into the system directory of the operating system. Additionally it installs an autorun entry with the name (Microsoft Update) and tries to connect to the internet without asking the user for permission to do so.
[Fake.PC-Antispyware]
Product=Fake.PC-Antispyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.PC-Antispyware claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix this false positives he has to purchase a license.
[Win32.VB.aqt]
Product=Win32.VB.aqt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.aqt disguises as a system file and runs in the background. It tries to connect to the internet. When connected to a server it waits for new orders to spy on the user. Also Win32.VB.aqt makes infected systems insecure so it is easy for other trojans to infiltrate the computer.
[Win32.Agent.agx]
Product=Win32.Agent.agx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.agx tries to connect to the internet immediately in order to download and install other bad software.
[PCCleaner]
Product=PCCleaner
Company=PC-Cleaner.com
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PCCleaner claims to be an antispyware solution and if it is installed on the computer it flags some entries as malware, which are totally harmless. When the user tries to fix these problems he has to buy a license and so the program tries to frighten users by showing false positives.
[Vegas.Red.Casino.PT]
Product=Vegas.Red.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[USA.Casino.PT]
Product=USA.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Swiss.Casino.PT]
Product=Swiss.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Slots.PT]
Product=Slots.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Sky.Kings.Casino.PT]
Product=Sky.Kings.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Sierra.Star.Casino.PT]
Product=Sierra.Star.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[SIA.Casino.PT]
Product=SIA.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Royal.Dice.Casino.PT]
Product=Royal.Dice.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Prestige.Casino.PT]
Product=Prestige.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Playgate.Casino.PT]
Product=Playgate.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[New.York.Casino.PT]
Product=New.York.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Mega.Sport.Casino.PT]
Product=Mega.Sport.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Mansion.Casino.PT]
Product=Mansion.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Magic.Box.Casino.PT]
Product=Magic.Box.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Kiwi.Casino.PT]
Product=Kiwi.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Joyland.Casino.PT]
Product=Joyland.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Indio.Casino.PT]
Product=Indio.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Hotel.Casino.Network.PT]
Product=Hotel.Casino.Network.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Grand.Online.Casino.PT]
Product=Grand.Online.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Golden.Palace.Casino.PT]
Product=Golden.Palace.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Flamingo.Casino.PT]
Product=Flamingo.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Europa.Casino.PT]
Product=Europa.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[EuroGrand.Casino.PT]
Product=EuroGrand.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Enter.Casino.PT]
Product=Enter.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Dreamgroup.Fakemule]
Product=Dreamgroup.Fakemule
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an italian version of the emule p2p client.
Privacy=
Description=This hijacker changes the Internet Explorer start page and adds various links to its fraudulent website.
[Diamond.Club.Casino.PT]
Product=Diamond.Club.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Craps.com.PT]
Product=Craps.com.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legit online casino software
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Craps.com did not even bother to completely fill out the default EULA form provided within the PlayTech installer. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes.
[Club.Dice.Casino.PT]
Product=Club.Dice.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[City.Club.Casino.PT]
Product=City.Club.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[CasinoKing.PT]
Product=CasinoKing.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Casino365.PT]
Product=Casino365.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Casino.Tropez.PT]
Product=Casino.Tropez.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Casino.Las.Vegas.PT]
Product=Casino.Las.Vegas.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Casino.Del.Rio.PT]
Product=Casino.Del.Rio.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Casino.Bellini.PT]
Product=Casino.Bellini.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Carnival.Casino.PT]
Product=Carnival.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Cameo.Casino.PT]
Product=Cameo.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Bakara.Casino.PT]
Product=Bakara.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[African.Palace.Casino.PT]
Product=African.Palace.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[50.Stars.Casino.PT]
Product=50.Stars.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[32Vegas.PT]
Product=32Vegas.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[24kt.Gold.Casino.PT]
Product=24kt.Gold.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished" , the software still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[Zlob.Downloader.vet]
Product=Zlob.Downloader.vet
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This variant also changes the domain name server and installs a rootkit component.
[Win32.Agent.xg]
Product=Win32.Agent.xg
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.xg creates an autorun entry to be loaded on every windows start. It opens the Internet Explorer and displays ads. Your desktop wallpaper is changed to a blue screen with a warning message.
[Win32.VB.bmr]
Product=Win32.VB.bmr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.bmr copies an executable file into the System directory, starts itself in autorun as "windowsmp", also creates a service without user consent.
[Win32.Small.vy]
Product=Win32.Small.vy
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.vy copies executable files into the Windows and System directories without giving the user a possibility to cancel that process, tries to hide using file names similar to legit system files. Also changes the windows firewall settings.
[Win32.Small.tnt]
Product=Win32.Small.tnt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.tnt copies an executable file into the Windows directory, starts itself in autorun as "runner1" without user consent.
[Win32.Shark.if]
Product=Win32.Shark.if
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Shark.if installs executable and library files into the program directory without giving the user a possibility to cancel that process, tries to hide using file names similar to legit system files.
[Win32.Banbra.anp]
Product=Win32.Banbra.anp
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banbra.anp starts itself in autorun as "WindowsUpdate" and "svchosts.exe" without giving the user a possibility to cancel that process.
[Win32.Qhost.ake]
Product=Win32.Qhost.ake
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan opens the Internet Explorer and connects to a website containing a flash movie. While showing the movie, it redirects the website of a brasilian bank.
[Win32.Agent.frl]
Product=Win32.Agent.frl
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.frl hides files from the user, changes registry entries, installs autorun and registry entries and also files. After fixing, you should reboot the system and scan again in order to fix the problems eventually left. Spybot may close itself while fixing Win32.Agent.frl.
Description=AntiSpywareShield is nearly the same application as MalwareAlarm. It scans the system and finds some false positives in order to threaten the user. If the user wants to get rid of the "problems", he has to purchase a license.
[AntiSpywareDeluxe]
Product=AntiSpywareDeluxe
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiSpywareDeluxe scans the system and finds some false positives in order to threaten the user. If the user wants to get rid of the "problems", he has to purchase a license.
[Win32.Agent.bk]
Product=Win32.Agent.bk
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bk installs an Internet Explorer toolbar without user consent. This is installed as an BHO and is loaded on every browser start.
Description=Prevents users from manipulating destop toolbars.When the value of this entry is 1, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars onto or off of docked toolbars.
[Win32.Backdoor.ajhb]
Product=Win32.Backdoor.ajhb
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be legit system files
Privacy=
Description=This trojan horse gets installed along other trojans and may also install further malware and/or trojans like Virtumonde variants.
[Win32.Agent.vye]
Product=Win32.Agent.vye
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse runs in background and connects to the internet to await further orders from the attacker. This trojan horse is spread with the help of an autorun.inf which gets installed with the executable file to every root folder where possible. It is known to have infected usb sticks at public terminals. The trojan horse hides its files and changes the explorer settings to not display hidden files.
[Warpcom]
Product=Warpcom
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan horse Warpcom pretends to belong to the system while it runs in background and tries to compromise the system.
[CNNIC.cn]
Product=CNNIC.cn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=China Internet Information Center gets also installed along other software. It runs in background adds itself to various start locations to ensure that it gets started. It also adds itself to the Winsock LSP which enables it to control internet traffic. Currently removal will require to execute a tool like LSPFix.
[Win32.mIRC]
Product=Win32.mIRC
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.mIRC copies an executable and a library file into the system directories, starts itself in autorun as "msngers" without giving the user a possibility to cancel that process.
[Win32.Soundmix]
Product=Win32.Soundmix
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Soundmix copies itself as soundmix.exe into the system directory and pretends to be a soundmixer. It starts itself in autorun as "soundmix" without user consent. It also adds itself to the exefile shell open command so that it will be started synchronously with every other exe file.
[Win32.Settec]
Product=Win32.Settec
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Settec leads immediately to freezes of the PC.
[Win32.Pakes.cgn]
Product=Win32.Pakes.cgn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Pakes.cgn reboots the PC immediately afterwards the computer has been infected.
[Win32.Delf.asz]
Product=Win32.Delf.asz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.asz copies a file called "syste32.exe" into the program directory. Additionally the trojan horse starts itself as "systen32"-service without user consent.
[Win32.Bifrose.blr]
Product=Win32.Bifrose.blr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bifrose.blr copies an executable and .avi files into the Windows directory without user consent.
Description=Microsoft.Windows.System.NoAddRemovePrograms removes the "Add or Remove Programs" dialog from the Control Panel and removes the "Add or Remove Programs" shortcut from menu.
Description=Microsoft.Windows.Explorer.NoToolbarCustomize disables access to the toolbar settings for the Explorer in order to customize the toolbar layout.
[Microsoft.Windows.Explorer.NoThemesTab]
Product=Microsoft.Windows.Explorer.NoThemesTab
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoThemesTab removes the themes tab, available by the display settings menu, that controls the overall appearance of windows.
Description=Microsoft.Windows.Explorer.NoStartFrequentlyUsedPrograms removes the frequently used programs list from the Start menu.
[Microsoft.Windows.Explorer.NoShutDown]
Product=Microsoft.Windows.Explorer.NoShutDown
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoShutDown removes "Shut Down" from the Start menu.
[Microsoft.Windows.Explorer.NoRun]
Product=Microsoft.Windows.Explorer.NoRun
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoRun removes "Run" item from the Start menu.
[Microsoft.Windows.Explorer.NoPrinter]
Product=Microsoft.Windows.Explorer.NoPrinter
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoPrinter removes the Printer item from the Start menu.
[Microsoft.Windows.Explorer.NoNetHood]
Product=Microsoft.Windows.Explorer.NoNetHood
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoNetHood hides the "My Network Places" icon from the desktop.
[Microsoft.Windows.Explorer.NoMyPictures]
Product=Microsoft.Windows.Explorer.NoMyPictures
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoMyPictures hides "My Pictures" from the context My Documents.
[Microsoft.Windows.Explorer.NoMyDocuments]
Product=Microsoft.Windows.Explorer.NoMyDocuments
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoMyDocuments removes the "My Documents" icon from the desktop, from Windows Explorer, from programs that use the Windows Explorer windows and from the standard Open dialog box.
[Microsoft.Windows.Explorer.NoMyDocs]
Product=Microsoft.Windows.Explorer.NoMyDocs
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoMyDocs disables the "Documents" item in the Start menu.
Description=Microsoft.Windows.Explorer.NoManageMyComputer removes the "Manage" item from the Windows Explorer context menu. This context menu appears when you right click Windows Explorer or "My Computer".
[Microsoft.Windows.Explorer.NoLogOff]
Product=Microsoft.Windows.Explorer.NoLogOff
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoLogOff removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.
[Microsoft.Windows.Explorer.NoHelp]
Product=Microsoft.Windows.Explorer.NoHelp
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Microsoft.Windows.Explorer.NoHelp removes the "Help menu" from the Start menu.
Description=Microsoft.Windows.Explorer.NoAccessToDrive blocks access to the drives (C:, D:, E: etc.).
[Fake.Antispyware.TheSpybot2007]
Product=Fake.Antispyware.TheSpybot2007
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.Antispyware.TheSpybot2007 tries to trick the user with a similar name of our well known antispyware application "Spybot - Search and Destroy". When Fake.Antispyware.TheSpybot2007 is installed on the computer it tries to make the user believe that the computer is infected with hundreds of malware issues. When the user wants to clean the system he has to purchase a license. Fake.Antispyware.TheSpybot2007 is in close relation to SpySheriff and PestTrap, both well known rogue antispyware tools.
[XPCSpyPro]
Product=XPCSpyPro
Company=X Software, Inc.
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=XPCSpyPro tracks the users surfing and working behaviour. XPCSpyPro creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Win32.VB.tr]
Product=Win32.VB.tr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.tr drops a variant of Trojan Win32.Steam.m which disguises itself as a system file.
[Hupigon.evc]
Product=Hupigon.evc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hupigon.evc copies itself to your system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[Hupigon.Gen]
Product=Hupigon.Gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Hupigon.Gen copies itself to your system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[Win32.Agent.ip]
Company=
Product=Win32.Agent.ip
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself into a folder in the system directory and creates an autorun entry to run at system startup. This software is certified with a misleading company name.
[Win32.Agent.af]
Product=Win32.Agent.af
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan runs in background and tries to connect to the internet.
[Microsoft.Windows.Exefile.HideExtension]
Product=Microsoft.Windows.Exefile.HideExtension
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This registry value hides the file extension of executable files, even if the user has configured anything else. This may help malicious files to appear harmless to the user.
[Monaco.Gold.Casino.PT]
Product=Monaco.Gold.Casino.PT
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an online casino
Privacy=
Description=This online casino uses the PlayTech software which only allows gaming after registration of personal information like surname, name, email address, phone number, birthday, country and currency. Like all PlayTech installers, the installation does not finish with "installation finished", the software still downloads and installs parts of the online casino in background for several minutes. Bonus offers usually mislead users to play for money.
[Killsoft.V2008]
Product=Killsoft.V2008
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be a security tool.
Privacy=
Description=Killsoft.V2008 is hosted on Baidu servers, it installs normally but shows intentional false positives like non existent files.
[BaiduBar.HostsRep]
Product=BaiduBar.HostsRep
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This repair.exe from Baidu runs in background and removes all entries in the hosts file related to Baidu to prevent that it is blocked. Since Baidu is known for installations of adware without user consent this repair.exe is considered a trojan horse that can enable Baidu software to get installed on the user's computer.
[Win32.Shark.ae]
Product=Win32.Shark.ae
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Shark.ae installs a library file into the application data directory without giving the user a possibility to cancel that process.
[Win32.Agent.ay]
Product=Win32.Agent.ay
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ay copies itself as krag.exe into the Windows directory and starts itself in autorun as "krag" without user consent.
[Win32.Agent.aou]
Product=Win32.Agent.aou
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aou copies executable and library files into the windows and system directories and starts itself in autorun as "gfxtray" and "Office SturtUp" without user consent.
[BachKhoaAntivirus]
Product=BachKhoaAntivirus
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BachKhoaAntivirus copies an executable file into a directory called "Bkav2006". Additionally it starts itself in autorun as "BkavFw" and "runner1" without user consent.
[MalwareBell]
Product=MalwareBell
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareBell claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[YMCam]
Product=YMCam
Company=HK3Ware.com
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=YMCam claims to be a chat software but drops a variant of Perfect Keylogger in the background which gets installed in the system directory.
[KeyloggerSpy]
Product=KeyloggerSpy
Company=ngnsss.com
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KeyloggerSpy tracks the user's surfing and working behaviour. KeyloggerSpy creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[KeyloggerDouglas]
Product=KeyloggerDouglas
Company=Software Argentino
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=KeyloggerDouglas tracks the user's surfing and working behaviour. KeyloggerDouglas creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user.
[Win32.Mutant.jz.rtk]
Company=
Product=Win32.Mutant.jz.rtk
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs a service which will be started at each system startup. It also has rootkit functions.
[Delf.Inject]
Product=Delf.Inject
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan installs files into the settings directory. A library file is loaded into svchost.exe and gains access to the internet in background.
Description=AntiVirProtect is nearly the same application as MalwareAlarm. It scans the system and finds some false positives in order to scare the user. If the user wants to get rid of the "problems", he has to purchase a license.
[SearchALot]
Product=SearchALot
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit internet search engine.
Privacy=
Description=SearchALot start page installer sets the searchalot website as the default start page as described, but it also tries to redirect searches the user makes to msn via the hosts file.
[Delf.12.an]
Product=Delf.12.an
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Delf.12.an intalls malicious library files to the users computer.
[Zlob.Downloader.vat]
Product=Zlob.Downloader.vat
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers. This variant installs a rootkit component and changes the domain name server.
[Zlob.Downloader.jau]
Product=Zlob.Downloader.jau
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Zlob.Downloader.fvn]
Product=Zlob.Downloader.fvn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.VB.me]
Product=Win32.VB.me
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.me copies an executable file into the Windows directory without giving the user a possibility to cancel that process.
[Win32.VB.bks]
Product=Win32.VB.bks
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.bks installs itself (explorer.exe) into the Windows and root directories, starts itself via a service named "4LLI" without giving the user a possibility to cancel that process.
[Win32.Tibia.de]
Product=Win32.Tibia.de
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Tibia.de copies an executable file into the root directory, starts itself via autorun as "hosted" without giving the user a possibility to cancel that process. Also blocks Windows firewall.
[Win32.Agobot.aoi]
Product=Win32.Agobot.aoi
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agobot.aoi copies an executable file into the system directory, starts itself in autorun as "Windows Serviece Agents" and as "Windows Serviece Agents"-service without giving the user a possibility to cancel that process.
[WinIFixer]
Product=WinIFixer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinIFixer claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[Win32.Agent.cs]
Product=Win32.Agent.cs
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.cs installs some malicious files to the Windows directory and tries to connect to the internet. If a internet connection is available it downloads other malicious files like trojan horses.
[Fake.SecurityAlert]
Product=Fake.SecurityAlert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fake.SecurityAlert shows a fake security center and tries to make the user believe that he should download various rogue antispyware tools like WinIFixer. Fake.SecurityAlert copies some malicious files to the Windows directory and creates an autorun entry to be launched on every Windows startup.
[MalwareCore]
Company=
Product=MalwareCore
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareCore is a rogue antispyware software related to the rogue antispyware software MalwareWipe. It detects several false positives as critical threats. When the user wants to remove these threats, he has to purchase a license.
[Win32.Bagle.E]
Product=Win32.Bagle.E
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bagle.E copies itself into the system directory of the operating system and tries to connect to the internet. Then it waits for new orders to harm the computer.
[Anti-Leech]
Product=Anti-Leech
Company=WakeNetAB
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be an adware plugin/add-on for the Internet Explorer and FireFox
Privacy=
Description=This adware may get installed as bundled software along Netpumper. It does not appear like other browser plugins/add-ons in the respective browser menus.
Privacy=[...] We do not send or collect any information that can personally identify a user. We do collect information that is already available to every website you visit. Examples include browser version, language and other browser and connection information. We use a unique ID in order to know how many people use our products. This ID is not personally identifying; it is a completely random number. We do send a log once per day that tells us how many users are installed. We do collect data at our search and travel sites. This is needed to monitor our business performance. This data does not contain any personally identifying information. We do not and will not sell or distribute any data collected from the user. We do share aggregated information with others. Examples of this include how many users clicked on a particular paid listing in a search result. We do take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. [...]
Description=Starware installs a toolbar to the Internet Explorer without user consent. The application changes the browser startpage, installs a BHO and displays adware links in a small frame, even when searching with other search engines. When uninstalled, a registry entry and the browser startpage remain changed.
[Win32.ConHook.ah]
Product=Win32.ConHook.ah
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.ConHook.ah copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. Additionally the trojan creates a browser helper object (BHO) and a cookie to display special advertisement. The trojan intstalls a BHO and additional files, which are loaded by the winlogon.exe. It also tries to connect to several servers in order to post collected data. Please also scan in Windows Safemode to eliminate all registry entries. Some files have to be fixed manually. Please contact our support team for further assistance.
[IRC.Zapchast]
Product=IRC.Zapchast
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan horse pretends to be a legit application. It runs a compromised version of the mirc IRC software and connects as a server in background. The trojan horse waits for incoming commands to harm the computer. IRC.Zapchast installs IRC server scripts and configuration files that allow the infected machine to be used as a server. Certain IRC channels specified in the configuration files connect to the server, making the infected machine vulnerable to remote attackers. IRC.Zapchast is spread by email spam with a link purporting to be a postcard for the user.
[Smitfraud-C.FakeAlert]
Product=Smitfraud-C.FakeAlert
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Smitfraud-C.FakeAlert shows faked messages that look like security updates from Microsoft. If the user clicks on one of these messages the computer starts to download various rogue antispyware tools and other malicious stuff like Smitfraud-C., Smitfraud-C.Toolbar or Fraud.Protectionbar. It also changes start page and search page internet Explorer
[Win32.Agent.qt]
Product=Win32.Agent.qt
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Backdoor Trojan
Privacy=
Description=Win32.Agent.qt is a backdoor trojan file. It installs itself into windows and system directories, starts itself in autorun as "IpWins", "SManager", "runner1", "CTDrive" and tries to connect to the internet in background. The trojan also installs other trojans like Smitfraud-C., Smitfraud-C.Toolbar888, MaxFiles.
[Win32.Rbot.gen]
Product=Win32.Rbot.gen
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Officially known as a Trojan with Backdoor functions.
Privacy=
Description=When started, the application deletes the "System" and "System32" directories, the "SystemCertificates" directories of the users, "\Shared Folder\System" and the "pchealth" directory. It redirects hosts of anti-spyware vendors and deletes the system.ini file. If the computer is infected with this malware, reinstallation of system components is required. A variant of Win32.Rbot.gen copies an executable file into the System directory, starts itself in autorun as "FrameWork 2.5" and tries to connect to the internet in background without giving the user a possibility to cancel that process.
[Win32.Bancos.zm]
Product=Win32.Bancos.zm
Company=
Threat=Spyware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bancos.zm disguises as "tasklist32.exe" and creates an autorun entry to run at system startup. The program tries to collect information about online bank accounts of the user which is stored in a temporary file. It may block the antivirus program LanDesk. Variants may add themselves as "WinDLLProcessor" to the system start.
[Win32.Banload]
Product=Win32.Banload
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banload installs executable files into the Windows directory without giving the user a possibility to cancel that process. It starts itself in autorun as "Wapp" and tries to connect to the internet in background.
[VirusProtectPro]
Product=VirusProtectPro
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=It claims to be a PC cleaning tool
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version. VirusProtectPro is the same application as SpywareQuake, SpyCrush and Spylocked and is advertised by fake Windows messages. VirusProtectPro also gets downloaded by adware. When the user starts a scan, it finds some harmless cookies declared as high risk security problems. If the user wants to get these problems fixed by VirusProtectPro he has to purchase a license.
[Win32.Bifrose.aci]
Product=Win32.Bifrose.aci
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=A backdoor trojan which creates registry entries and runs in background without user notice. The trojan can also open an internet connection without user consent. Bifrose.aci creates "Bifrost", "system32" directories in "c:\windows\system" without user consent. Furthermore it tries to hide using file names similar to legit system files.
[Win32.Small.kj]
Product=Win32.Small.kj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.kj copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. Variants may also register themselves in services as "xpdx".
[Hupigon]
Product=Hupigon
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The Trojan collects information about the user (passwords etc.), tries to connect to the web and sends it. Variants may add themselves as "GrayPigeonServer1.23" and "GrayPigeon_Hacker.com.cn" in services.
[Win32.Brabot.g]
Product=Win32.Brabot.g
Company=
Threat=Trojans
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Brabot.g copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. Win32.Brabot.g has internal product name as "Windows Update", variants have virtual machine detection and will not run in such environments.
[PWS.LDPinchIE]
Product=PWS.LDPinchIE
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an update for the Internet Explorer
Privacy=
Description=This trojan horse pretends to be an update for the Internet Explorer. It massively connects to the internet in background. It hijacks the host file to block security sites and redirects banking websites to a fixed IP address. The trojan downloads other malicious software and adds them to winlogon and system start. There are also services registered to have additional ways of starting the trojans. Variants start themselves in winlogon as "partnershipreg" without giving the user a possibility to cancel that process. Also user profile settings (desktop icons, mapped drives etc.) get deleted upon initial reboot.
[Win32.Banker.anv]
Product=Win32.Banker.anv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banker.anv installs an executable file, starts itself via autorun as "lsass32" without giving the user a possibility to cancel that process. Variants of Win32.Banker.anv copy executable files into the root directory, starts itself in autorun as "Bandook" or "svchost.exe" without giving the user a possibility to cancel that process. Additionally connects to websites with pornographical content.
[Win32.Agent.aga]
Product=Win32.Agent.aga
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.aga installs itself into the system directory and tries to connect to the internet for control remote the infected PC. Also disables the command console and security programs. A variant of Win32.Agent.aga installs itself into the system directory, starts itself in autostart as "Generic Host Process" and tries to connect to the internet. When it is connected it produces several annoying pop ups with pornographical content when the user is browsing the web.
[PWS.OnLineGames]
Product=PWS.OnLineGames
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PWS.OnLineGames copies executable and library files into the "Windows\debug" directory without giving the user a possibility to cancel that process. A variant of PWS.OnLineGames copies exetutable files into root and system directories, starts itself in autorun as "amva" without giving the user a possibility to cancel that process.
[Win32.Banker.gen]
Product=Win32.Banker.gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Banker.gen copies an executable file into the windows directory, starts itself in autorun as "svhosst" and tries to connect to the internet in background without giving the user a possibility to cancel that process. A Variant of Win32.Banker.gen starts itself in autorun as "rundll32".
[CoolWWWSearch.am]
Product=CoolWWWSearch.am
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=CoolWWWSearch.am connects to the internet in background and installs executable and library files into the Windows directory. Additionally it starts in autorun as "xem" without user consent. A variant of CoolWWWSearch.am downloads an executable file and installs it in system directory, starts itself via RunOnce (as "Windows Config") in the registry.
[Win32.Agent.ahj]
Product=Win32.Agent.ahj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ahj copies an executable file into the system directory, starts itself in autorun as "crsss", changes start page of the Internet Explorer without giving the user a possibility to cancel that process. A variant of Win32.Agent.ahj intalls an executable file and starts itself in services as "Windows_rejoice46" without giving the user a possibility to cancel that process.
Description=Prevents users from starting Task Manager (Taskmgr.exe)
[System_DisableRegistryTools]
Product=System_DisableRegistryTools
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Prevents users from starting Windows registry editor (regedit.exe).
[Nuclearwinter]
Product=Nuclearwinter
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Trojanbuilder
Privacy=
Description=A trojan builder variant of Nuclearwinter which cannot be run under a Virtual Machine. A reference to the ntdll.dll has been found in file itself.
[Themida.Bot.tsj]
Product=Themida.Bot.tsj
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Themida.Bot.tsj is a malware that can detect virtual environments in order to protect its malicious behavior from being discovered in a safe environment. Once executed on a real computer this malware will compromise the system security.
[CliprexDivXPlayer]
Product=CliprexDivXPlayer
Company=Cliprex
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a DivX Player by Cliprex
Privacy=
Description=Cliprex Software is bundled with adware like WhenU and Ask.GlobalSearch. Core components for the actual DivX Player are based on freeware under the GNU General Public License (GPL), so Cliprex is actually violating the GPL by not releasing the sources of its other components under the GPL as well.
[CliprexDVDRipper]
Product=CliprexDVDRipper
Company=Cliprex
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a DVD ripper software
Privacy=
Description=Cliprex makes frequent use of freeware components but bundles these with adware from WhenU. Cliprex violates the GNU General Public License (GPL).
[Win32.Systembin]
Product=Win32.Systembin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Systembin copies an executable file into the Windows directory, starts itself in autorun as "systemscroot" and "systemscroot"-service without giving the user a possibility to cancel that process.
[Win32.Small.imu]
Product=Win32.Small.imu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.imu copies an executable file into the Windows directory, starts itself in autorun as "runner1" and "msn" without giving the user a possibility to cancel that process.
[Win32.SlhClient]
Product=Win32.SlhClient
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.SlhClient tries to open a backdoor on the computer and so the computer is very insecure and can be exploited by attackers from the internet.
[Win32.Konik]
Product=Win32.Konik
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Konik copies an executable file into the System directory, starts itself in autorun as "CheckOCX" and "CheckOCX"-service without giving the user a possibility to cancel that process. Also adds itself to the list of authorized applications for the Windows firewall.
[Win32.Agent.esq]
Product=Win32.Agent.esq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.esq copies executable files into the local application directory, starts itself in autorun as "config" and as "config"-service without giving the user a possibility to cancel that process.
[Win32.Agent.kmf]
Product=Win32.Agent.kmf
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.kmf copies itself into the system directory of the operating system and tries to connect to the internet. When it is connected it waits for new orders to harm the computer. Additionally it creates a service entry to be launched at every system start.
[Rogue.ScanAndRepair2007]
Product=Rogue.ScanAndRepair2007
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Rogue.ScanAndRepair2007 claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[Rogue.IEAntivirus]
Product=Rogue.IEAntivirus
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Rogue.IEAntivirus claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license. Rogue.IEAntivirus is in close relation to MalwareBell.
[Win32.Small.dv]
Product=Win32.Small.dv
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan has the abilities to download and execute other malicious files.
[Win32.Agent.qwq]
Product=Win32.Agent.qwq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself into the windows directory and drops library files. It runs in background and opens an instance of Internet Explorer without user consent. The Internet Explorer connects to several websites.
[Win32.Agent.cn]
Product=Win32.Agent.cn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan downloads and installs ShudderLtd.AntiVirusPro without user consent. It creates an autorun entry to run at every system startup and changes the desktop background to a faked spyware warning.
[Fraud.Antivirus2008]
Product=Fraud.Antivirus2008
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fraud.Antivirus 2008 claims to be an antispyware solution. When it is installed on the computer it shows a lot of harmless cookies, browser helper objects and autorun entries as high risk spyware problems installed by itself. When the user wants to fix these false positives he has to purchase a license. Fraud.Antivirus 2008 is nearly the same application as Fraud.XPAntivirus.
[KGBKeylogger]
Product=KGBKeylogger
Company=REFOG
Threat=Keylogger
CompanyURL=http://www.refog.com/de/keylogger/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Monitors keystrokes, dial-up connections, process creation and termination and creates desktop screen shots.
[BPS.Gen]
Product=BPS.Gen
Company=BulletProofSoftware
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be an antimalware Software
Privacy=
Description=BPS creates a huge amount of "different" antimalware and antispyware solutions in order to fool as many customers as possible. When BPS software is installed on a computer it will find hundreds of false positives in order to trick the user to purchase the full version.
[ConOpt.BHO]
Product=ConOpt.BHO
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a connection optimizer add-on for the Internet Explorer
Privacy=
Description=This fake browser helper object (BHO) installs without user consent. It starts in background when the Internet Explorer gets started in order to harm the computer.
[Win32.Delf.bj]
Product=Win32.Delf.bj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.bj copies library and executable files into the System directory, starts itself in autorun without giving the user a possibility to cancel that process.
[Win32.AutoRun]
Product=Win32.AutoRun
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.AutoRun copies an executable files into the System directory, starts itself in autorun as "LTM.exe" and in autorun.inf without giving the user a possibility to cancel that process.
[Win32.Agent.byc]
Product=Win32.Agent.byc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.byc copies executable files into the System directories, starts itself in autorun as "Virtual Java", in Winlogon as "Sys Startup" and "Windows start" in order to stay hidden and harm the computer.
[Win32.Agent.abd]
Product=Win32.Agent.abd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.abd copies an executable file (svchost.exe) into the Windows directory, starts itself in autorun as "svchost" without giving the user a possibility to cancel that process. Tries to hide its autorun entry using a name similar to an important system file.
[KGBKeylogger.REFOG]
Product=KGBKeylogger.REFOG
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Monitors keystrokes, dial-up connections, process creation/termination and creates desktop screen shots.
Privacy=Registration%0D%0A%0D%0AFill-in the form below, click the Submit button, and then start to download and using our software for FREE. You will receive a notification when there are any updates, new software or special offers from us. You may unsubscribe at anytime.%0D%0A%0D%0APrivacy%0D%0A%0D%0APCSleek.com certifies that all personal information relating to its subscribers & customers will be kept confidential & will not be released to third parties for commercial purposes without their permission. We also work with several third parties that serve ads to this site. To find out more about how they manages the privacy of information in conjunction with serving ads on this site, please visit the related sites.
Description=PCSleek.FreeErrorCleaner claims to be a solution to fix registry errors that could slow down the computer. If the user wants to fix these problems he has to register for free with his name an email address. Freemail addresses are being rejected . The website is registered through a whoisguard thus preserving the authors anonymity.
[LiveAntispy]
Product=LiveAntispy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=LiveAntispy claims to be a solution to fix errors and clean the computer from spyware, instead it shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[EliteProtector]
Product=EliteProtector
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=EliteProtector claims to be a solution to fix errors and clean the computer from spyware, instead it shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[DoctorCleaner]
Product=DoctorCleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DoctorCleaner claims to be a solution to fix errors and clean the computer from spyware, instead it shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[Win32.Friendown]
Product=Win32.Friendown
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=When Win32.Friendown is executed it hides on your system and tries to connect to the internet. When it is connected to the Internet it waits for new orders to harm the computer.
[Win32.Agent.ark]
Product=Win32.Agent.ark
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Backdoor trojan Win32.Agent.ark creates entries in the system directory which make the computer insecure and so it is easy for other trojans to infiltrate the computer
[SpyPry]
Product=SpyPry
Company=LogiGuard,LLC
Threat=PUPS
CompanyURL=www.logiguard.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Vendor hides his postal address and has registered his domain through an anonymous domain registration service. Legit software vendors will not hide themselves. SpyPry also hides some of its components in the Windows System directory which also is a hint of wanting to stay undetected.
[SpyKill]
Product=SpyKill
Company=
Threat=Malware
CompanyURL=www.spy-kill.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyKill claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a license.
[SmartPCKeylogger]
Product=SmartPCKeylogger
Company=Irocs-Kingdom.Com
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SmartPCKeylogger tracks the users surfing and working behaviour. SmartPCKeylogger creates autorun entries in the registry in order to be launched on each Windows startup. It records all keystrokes without user consent and thus makes it possible to spy on the user. SmartPCKeylogger is connected to RebrandSoftware Malware and Keyloggers.
[DeusCleaner]
Product=DeusCleaner
Company=Dogma Software Company
Threat=Malware
CompanyURL=http://deuscleaneronline.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DeusCleaner claims to be a tool meant to fix bugs. If it is installed on the computer it detects some "bugs" which are not really existent. The user won`t get any description on those "bugs" and if he/she wants to fix them he/she has to purchase a license.
[BugDoctor]
Product=BugDoctor
Company=MAXIMUM PUBLISHING LLC.
Threat=Malware
CompanyURL=www.bugdoctor.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=BugDoctor claims to be a tool meant to fix bugs. If it is installed on the computer it detects some "bugs" which are not really existent. The user won`t get any description on those "bugs" and if he/she wants to fix them he/she has to purchase a license.
[AntiSpyCheck]
Product=AntiSpyCheck
Company=AntiSpyCheck, Inc.
Threat=Malware
CompanyURL=www.AntiSpyCheck.com
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntiSpyCheck claims to be an antispyware solution. If it is installed on the computer it detects some spyware even if the computer is a totally clean machine. In order to fix these problems, the user needs to purchase a license.
[Spyburner]
Product=Spyburner
Company=Spyburner Inc.
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Spyburner is a rogue antispyware application. When run, it may find harmless registry entries and proclaim them as severe system threats. If the user wants to fix these problems, he has to purchase a license.
[MalwareDestructor]
Product=MalwareDestructor
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareDestructor claims to be a solution against all kinds of malware and spyware. When the user starts a scan, it finds some harmless files and registry entries as high risk problems and if the user wants to fix these false positives detected by MalwareDestructor he has to purchase a license. MalwareDestructor is nearly the same application as ExpertAntivirus.
[Win32.Agent.yfq]
Product=Win32.Agent.yfq
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.yfq is supposed to be a part of the operating system, it runs in background and installs its files and makes them look like legit Windows system files.
[Win32.Agent.cn.abmk]
Product=Win32.Agent.cn.abmk
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a Windows System Service
Privacy=
Description=Win32.Agent.cn.abmk installs itself via a fake rar archive. It then downloads a fake system file named dsml.exe and installs it as a service to harm the users computer in background.
[Microsoft.Windows.CryptSvc]
Product=Microsoft.Windows.CryptSvc
Company=
Threat=Security
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Windows cryptography service
Privacy=
Description=You can ignore this if you disable the Windows cryptography service yourself otherwise you should let Spybot-S&D fix this to restore system default settings.
[Delf.Spool.cn]
Product=Delf.Spool.cn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Supposed to be the Windows file spoolsv.exe
Privacy=
Description=This trojan horse replaces the orignal spoolsv.exe with its own to get started by the system and run in background. Variants may also connect to a chinese website in background. After fixing with Spybot-S&D please restore the original spoolsv.exe from the c:\windows\system32\dllcache folder to the c:\windows\system32 folder.
[Zlob.Downloader.iit]
Product=Zlob.Downloader.iit
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Zlob.Downloader.fot]
Product=Zlob.Downloader.fot
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.Mapson.d]
Product=Win32.Mapson.d
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Mapson.d installs data and executable files into the System directory, starts itself in autorun as "NAV" without giving the user a possibility to cancel that process.
[GVWorldWideOnlineCasino]
Product=GVWorldWideOnlineCasino
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=GVWorldWideOnlineCasino still downloads and installs parts of the online casino in background for several minutes. Boni offers usually mislead users to play for money.
[VsSpy]
Product=VsSpy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VsSpy claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[SaferScan]
Product=SaferScan
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SaferScan claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[RegistryHelper]
Product=RegistryHelper
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegistryHelper claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[RegistryFixIt]
Product=RegistryFixIt
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegistryFixIt claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[PrivacyRedeemer]
Product=PrivacyRedeemer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=PrivacyRedeemer claims to be a software to avoid abuse of the users personal information. But all it does is to delete the browser history and the temporary files stored on the computer which are labeld as high risk privacy issues. To use these functions the user has to purchase a license.
[TrustSoftAntiSpyware]
Product=TrustSoftAntiSpyware
Company=TrustSoftAntiSpyware
Threat=Malware
CompanyURL=http://www.trustsoft.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TrustSoftAntiSpyware claims to be an antispyware solution and if it is installed on the computer, it finds some entries as malware which are totally harmless. The tool is registered through DomainsByProxy which no trusted company would do. Also it uses the same certificate as SpyKiller (former bad product of this company).
[TheSpywareDetective]
Product=TheSpywareDetective
Company=The Spyware Detective Software
Threat=Malware
CompanyURL=http://www.thespywaredetective.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TheSpywareDetective claims to be an antispyware solution and if it is installed on the computer, it finds some entrys as malware which are totally harmless. When the user tries to fix these problems he has to buy a license and so the programs tries to frighten users by showing false positives.
[SpyHazard]
Product=SpyHazard
Company=SpyHazard.com
Threat=Malware
CompanyURL=http://www.SpyHazard.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyHazard claims to be an antispyware solution and if it is installed on the computer, it finds some entries as malware which are totally harmless. When the user tries to fix these problems he has to buy a license and so the programs tries to frighten users by showing false positives.
[TheSpywareShield]
Product=TheSpywareShield
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=TheSpywareShield is a rogue antispyware solution. It is related to SpyViper and Ad-PurgeSpywareAndAdwareRemoverPro. When installed, it asks the user to provide an e-mail address in order to get a password to run a system scan.
[StopingSpy]
Product=StopingSpy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=StopingSpy is nearly the same application as MalwareAlarm. It scans the system and finds some false positives in order to threaten the user. If the user wants to get rid of the "problems", he has to purchase a license.
[SpywareSeizer]
Product=SpywareSeizer
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareSeizer is a rogue antispyware application. It is installed with some active shields, which alarm the user with every system start of spyware present on the system, which simply is not there. In addition, it detects some legal programs (TotalCommander, UniExtract) as viruses. The program simply deletes the .exe files while scanning the system.
[SpyWarp]
Product=SpyWarp
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpyWarp is a rogue antispyware application which detects cookies as elevated security risks. When the user wants to get rid of the problems, SpyWarp found in the system scan, he has to purchase a license. The application uses an outdated detection database.
[Win32.VB.btu]
Product=Win32.VB.btu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.btu copies executable files into the System and Windows directories, starts itself in autorun as "Winad Client", "DeviceSys", "RSetting", "UserTools", "Settings", "SystemT" without giving the user a possibility to cancel that process.
[Win32.Sohanad.am]
Product=Win32.Sohanad.am
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Sohanad.am copies an executable ("SSCVIIHOST.exe") file into the Windows directory, starts itself in autorun as "Yahoo Messengger" without giving the user a possibility to cancel that process.
[Win32.Horst.aae]
Product=Win32.Horst.aae
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Horst.aae copies executable files into the Windows directory, starts itself in autorun as "wlnlogon" without giving the user a possibility to cancel that process.
[Win32.Delf.uz]
Product=Win32.Delf.uz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.uz copies executable files into the Windows directory, starts itself in autorun as "Explorer" without giving the user a possibility to cancel that process.
[Win32.AutoRun.akc]
Product=Win32.AutoRun.akc
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.AutoRun.akc copies an executable file into the root directory, starts itself in autorun as "sysBoot" and ""sysStart" without giving the user a possibility to cancel that process.
[Iopus.STARRMonitoring]
Product=Iopus.STARRMonitoring
Company=
Threat=Keylogger
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Iopus.STARRMonitoring is a keylogger which runs in a hidden mode in the background of the operating system. It records all keystrokes without the permission of the user and so it is possible to spy on the user.
[ZoneProtectAntispyware]
Product=ZoneProtectAntispyware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=ZoneProtectAntispyware is a rogue security tool that uses false positives to force buying a license of the software. Also it installs a variant of AdBlaster adware in the background without knowledge of the user. It opens the Internet Explorer automatically and shows advertising.
[X-ConSpywareDestroyer]
Product=X-ConSpywareDestroyer
Company=Todd Dube
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=X-ConSpywareDestroyer claims to be an antispyware solution and if it is installed on the computer, it finds some entries as malware which are completely harmless. When the user tries to fix these problems he has to buy a licence and so the programs tries to frighten users by showing false positives.
[Zango.ShoppingReport]
Product=Zango.ShoppingReport
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This application is installed in a bundle with other Zango applications like Zango, ZangoWeatherDPA, Zango.AntiSpamBar and Hotbar. Thus the user may not be able to cancel the installation process. Like all other Zango applications, this tool shows competitive offers and ad popups.
[SpywareThis]
Product=SpywareThis
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=SpywareThis is an anti spyware/anti adware application. When tested, it only found cookies although several adware products (like Zango) were installed. The misleading price for the product shown on the website was about half the price displayed on the billing formular, which is most probably intended.
[Moatsoft.AntiMalware]
Product=Moatsoft.AntiMalware
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Moatsoft.AntiMalware is a rogue antispyware application. It is installed with some active shields, which alarm the user with every system start of spyware present on the system, which simply is not there. In addition, it detects some legal programs (TotalCommander, UniExtract) as viruses. The program simply deletes the .exe files while scanning the system. It is the same application as SpywareSeizer.
[Zlob.Downloader.pit]
Product=Zlob.Downloader.pit
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third-party spyware and malware to infected computers.
[Win32.Small.ivo]
Product=Win32.Small.ivo
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.ivo pretends to be an antivirus program. It creates an autorun entry to be loaded on every windows start (note the double "i" in antiviirus). It drops files into the program folder which are immediately executed. They connect to servers on the internet.
[Virusisolator]
Product=Virusisolator
Company=
Threat=Malware
CompanyURL=http://www.virusisolator.com/
CompanyProductURL=http://www.virusisolator.com/
CompanyPrivacyURL=
Functionality=Supposed to be an antispyware software
Privacy=
Description=Official demo version appears to install normally but finds a lot of false positives, most likely intentional to make the user buy the full version.
[CoolWWWSearch.hjg]
Product=CoolWWWSearch.hjg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be google search site
Privacy=
Description=Upon visiting the malicious website which is made to look like google the computer gets infected with trojan horses. These trojan horses install themselves to look like folders and system files. They also hijack the browser homepage and the hosts file to redirect search sites to its own malicious website. Security is also compromised by the trojan horse: System recover gets disabled, registry tools get disabled, taskmanager gets disabled, explorer settings get changed to not show file suffixes and folder options also get disabled. Reboot is required after fixing to restore access to folder options.
[BitAccelerator]
Product=BitAccelerator
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a download accelerator
Privacy=
Description=This browser plugin does not appear to be functional. The BitAccelerator connects to anonymously registered websites in background everytime the Internet Explorer is started. BitAccelerator appears to be in relation to BitAcceleratorFull, but BitAcceleratorFull is a functional downloader while BitAccelerator does not appear to give the user any benefit in exchange for connecting to an unknown website in background.
[Win32.VB.cez]
Product=Win32.VB.cez
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.cez copies library and executable files into the System directory, starts itself in autorun as "unsrvc" without giving the user a possibility to cancel that process.
[Win32.Serv-U.gen]
Product=Win32.Serv-U.gen
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Serv-U.gen copies library files into the current directory without giving the user a possibility to cancel that process. The executable file uses the Windows TaskManager icon in order to trick the user.
[Win32.Hacktool]
Product=Win32.Hacktool
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Hacktool is a tool, which is designed to attack a computer.
[Win32.Agent.ghs]
Product=Win32.Agent.ghs
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ghs copies library and executable files into the Windows and System directories, starts itself in Winlogon as "Userinit" without giving the user a possibility to cancel that process.
[Win32.Agent.LKF]
Product=Win32.Agent.LKF
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.LKF copies a library file into the System directory without giving the user a possibility to cancel that process. Also closes Spybot - S & D and other monitoring programs and blocks their future execution.
[Munga_Bunga.HDDFormat]
Product=Munga_Bunga.HDDFormat
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Munga_Bunga.HDDFormat creates .bat files, replaces autoexec.bat content and tries to format drives attached to the computer.
[Win32.Agent.SB]
Product=Win32.Agent.SB
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.SB installs to the Windows directory. After the installation has been completed it hides using rootkit funtionality. After that, hidden in the background it waits for orders to harm the system.
[RegistryPatrol]
Product=RegistryPatrol
Company=The Post Media Network
Threat=Malware
CompanyURL=http://www.registrypatrol.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=RegistryPatrol claims to be an antispyware solution that shows harmless entries as high risk problems. Also it marks Spybot-S&D as high threat.
[Netcom3Cleaner]
Product=Netcom3Cleaner
Company=Netcom3 Software, Inc.
Threat=Malware
CompanyURL=http://www.netcom3.com/
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Netcom3Cleaner claims to be a registry cleaner solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[HackNuke]
Product=HackNuke
Company=Security Lab / Positive Technologies
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=HackNuke includes the functionality to send variable data packages to any IP, which may cause crashes on the target system. Also it bundles advertising Google ads and uses them aggressively.
[Windows.Antivirus2008]
Product=Windows.Antivirus2008
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Windows.Antivirus2008 is a rogue antispyware solution. It scans the system and reports several non existent threats. It displays a popup every few minutes in order to lure the user into buying the product.
[FlashExploit]
Product=FlashExploit
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=supposed to be a legit website like youtube or a game forum
Privacy=
Description=This trojan horse uses faked or infested websites to infect computers via vulnerable flash plugins. It connects to its malicious websites in background, downloads and installs its files in background. It exchanges the spoolsv.exe with its own malicious file and enters itself as a system service and also starts itself in System Start as "Shell". Removal may require reboot of the computer and a subsequent scan.
[Zlob.Downloader.lor]
Product=Zlob.Downloader.lor
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.Winlagons.co]
Product=Win32.Winlagons.co
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Winlagons.co
[Win32.Virut.be]
Product=Win32.Virut.be
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This file has been manipulated. It has a name "avcenter.exe", but does not belong to Antivir.
[Win32.VB.h]
Product=Win32.VB.h
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.h starts an executable file in autorun as "LocalDrive" without giving the user a possibility to cancel that process.
[Win32.Small.buy]
Product=Win32.Small.buy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.buy loads and installs Zlob.CommandService, NetworkMonitor without giving the user a possibility to cancel that process.
[Win32.PCClient]
Product=Win32.PCClient
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.PCClient installs executable files into the Windows and System directories, starts itself in autorun without giving the user a possibility to cancel that process.
[Win32.IRCBot.are]
Product=Win32.IRCBot.are
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.IRCBot.are copies executable files into the System directory, starts itself in autorun as "Dynamic System Bios" without giving the user a possibility to cancel that process. Also changes the windows firewall settings and adding mslog.exe to the allowed applications.
[Win32.Delf.bd]
Product=Win32.Delf.bd
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.bd installs executable file into the "System\Drivers" directory, starts itself in autorun as "svcshare" without giving the user a possibility to cancel that process.
[Win32.Bifrose.fmr]
Product=Win32.Bifrose.fmr
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bifrose.fmr copies an executable file into the "Extracted" directory, starts itself in autorun as "svchost" without giving the user a possibility to cancel that process.
[Win32.Agent.ys]
Product=Win32.Agent.ys
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.ys changes some registry settings of WMI Performance Adapter Service (blocks normal start) without giving the user a possibility to cancel that process.
[Win32.Agent.awz]
Product=Win32.Agent.awz
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.awz copies an library file into the System directory, starts itself in autorun as "Winad Client" without giving the user a possibility to cancel that process.
[My811.Toolbar]
Product=My811.Toolbar
Company=
Threat=Hijacker
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=My811.Toolbar installs a malicious toolbar to the Internet Explorer without asking the user for permission. Additionally My811.Toolbar connects to the Internet without user consent and redirects startpages to their own website.
[WinSpywareProtect]
Product=WinSpywareProtect
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinSpywareProtect is a rogue antispyware solution (in close relation to MalWarrior). It scans the system and reports several non existent threats. Further it displays popups every few minutes in order to lure the user into buying the product.
[WinSpywareProtect]
Product=WinSpywareProtect
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WinSpywareProtect is a rogue antispyware solution (in close relation to MalWarrior). It scans the system and reports several non existent threats. Further it displays popups every few minutes in order to lure the user into buying the product.
[Win32.PrivacySet]
Company=
Product=Win32.PrivacySet
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan lowers system security by changing registry entries.
[Win32.KillFW]
Product=Win32.KillFW
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The downloaded file copies itself as svchost.exe into the Windows directory and creates autorun entries with random name (same as filename) in order to run at system startup. Additionally it disables the Windows firewall.
[Win32.KillAVGenerator]
Product=Win32.KillAVGenerator
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This application is able to create files that shut down your firewall and anti-virus applications, or disable the security center and automatic updates. It may create autorun entries for the dropped files.
[Win32.Exchanger.ch]
Product=Win32.Exchanger.ch
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself into the system directory and runs as a system service. It tries to download further malware.
[Pointfree]
Product=Pointfree
Company=
Threat=Adware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This application installs into its own directory. It creates the autorun entry "pointfree" in order to run on every system startup.
[FakeIkeaPlugin]
Product=FakeIkeaPlugin
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan installs itself as ikea.exe. It is able to download other malicious software.
[BHO.CenterLock]
Product=BHO.CenterLock
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This BrowserHelper gets installed with some other malware. It has its own uninstaller. It keeps the Internet Explorer from running correctly.
[Win32.Lmir.asy]
Product=Win32.Lmir.asy
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Lmir.asy copies executable files into the system and windows directories, changes registry settings and blocks stating executable files. May also attack any router in the network.
Functionality="Do you want to know what your buddy or colleague is typing? Or perhaps you want to check up on your family members and know what they are doing on your computer? With Perfect Keylogger it is possible in just 2 minutes! This program runs on the installed computer, fully hidden from its users, and logs everything that is typed in a protected file. This program runs on the installed computer, being fully hidden from its users, and logs in a protected file all users' typing that occurs. Features list: Can be fully hidden from the user and running permanently Supports all Windows versions, including Windows XP Sending log by e-mail in the hidden mode Can be invisible in Windows NT/2000/XP Task Manager and Windows 9.x/Me Task List Log file is encrypted and can be protected with a password Easy log viewing and management Possibility to specify target applications "
Privacy=
Description=The Perfect Keylogger often gets installed in a combination with several trojans. Often it is installed in the windows directory and so it is invisible to the user. The Perfect Keylogger records all keystrokes and tries to send them via internet.
[Coulomb Ltd.Content Access Plugin]
Product=Coulomb Ltd.Content Access Plugin
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=Content dialer
Privacy=
Description=Coulomb Ltd.Content Access Plugin is an illegal content dialer.
[Virtumonde.prx]
Product=Virtumonde.prx
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Virtumonde.prx installs itself in background and registers itself to the system start. It also installs itself as a proxy thus enabling it to manipulate any internet traffic to the users computer.
[Virtumonde.sci]
Product=Virtumonde.sci
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Virtumonde.sci is another Virtumonde variant, it installs in background, registers itself to the Winlogon and as a Browser Helper Object (BHO). It also attaches itself to the explorer which can cause system instability.
[Win32.VB.eu]
Product=Win32.VB.eu
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.eu copies itself in all directories with random names. It also starts itself in autorun as "schedl" without giving the user a possibility to cancel that process.
[Win32.Settec.a]
Product=Win32.Settec.a
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Settec.a drops a dll file in the user's computer and pretends to belong to Microsoft using a faked version info entry.
[Win32.Peed.Gen]
Product=Win32.Peed.Gen
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Immediatly after Win32.Peed.Gen has been executed Windows will be shut down.
[Win32.CoiDung.a]
Product=Win32.CoiDung.a
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.CoiDung.a installs data and executable files into Windows and System directories, starts itself in autorun as "dc", "dc2k5" and "Fun" without giving the user a possibility to cancel that process.
[Win32.Agent.hy]
Product=Win32.Agent.hy
Company=
Threat=Dialer
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This illegal content dialer copies an executable file into the 'Program\delsim' directory, adds a shortcut to the Windows start menu and tries to download popro live video.
[Win32.Agent.bm]
Product=Win32.Agent.bm
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Agent.bm installs the executable files (rae.exe, WinSpooler.exe) into System directory, starts itself via a policy as "Windows Printing Driver" without giving the user a possibility to cancel that process.
[WareSoft.Shutdown]
Product=WareSoft.Shutdown
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=WareSoft.Shutdown shuts down Windows without giving the user a possibility to cancel that process.
[VistaAntivirus2008]
Product=VistaAntivirus2008
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=VistaAntivirus2008 claims to be an antispyware solution which does not work properly. There seems to be a close relation to other well known rogue antispyware tools like Fake.XPAntivirus and Windows.Antivirus2008.
[AntispySpider]
Product=AntispySpider
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=AntispySpider claims to be an antispyware solution that flags harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license. There seems to be a close relation to PerformanceOptimizer.
[Win32.Bandok]
Product=Win32.Bandok
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Bandok.av copies an executable file into the system directory, starts itself in autorun as "Bandook" without giving the user a possibility to cancel that process.
[Zlob.Downloader.wet]
Product=Zlob.Downloader.wet
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Trojan, which downloads and installs various third party spyware and malware to the infected computer.
[Win32.Xema.bn]
Product=Win32.Xema.bn
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Xema.bn starts itself in autorun (without display name) without giving the user a possibility to cancel that process.
[Win32.OnLineGames.es]
Product=Win32.OnLineGames.es
Company=
Threat=
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.OnLineGames.es copies executable files into the Windows directory and a library file in the System directory, it starts itself in autorun as "javvavm" without giving the user a possibility to cancel that process.
[Win32.Lotto]
Product=Win32.Lotto
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Lotto installs executable files into Windows, System and Program directories, it starts itself in autorun as "2008", "6" without giving the user a possibility to cancel that process. Also changes in registry the file extension settings of .bat, .com, .js, .vba etc. files as .exe, Userinit value, blocks Windows registry editor "Regedit", TaskManager and disables the Windows firewall.
[Win32.Delf.avc]
Product=Win32.Delf.avc
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.avc pretends to be the performance boosting software XPsmoker.
[Win32.Autoit.p]
Product=Win32.Autoit.p
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Autoit.p copies an executable file into System directory, starts itself in autorun as "run1","run2", "run3" and "Msmsgs" and disables Windows firewall and TaskManager without giving the user a possibility to cancel that process.
[DAEMONToolsPro.Crack]
Product=DAEMONToolsPro.Crack
Company=
Threat=PUPS
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=DAEMONToolsPro.Crack is Crack for DAEMON Tools Pro. It drops library files into the current directory where the process has been executed. Also copies library files in the System32 folder without giving the user a possibility to cancel that process.
[MalwareProtector2008]
Product=MalwareProtector2008
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=MalwareProtector2008 claims to be an antispyware solution that shows harmless entries as high risk problems. If the user wants to fix these false positives he has to purchase a license.
[Win32.Flux.fm]
Product=Win32.Flux.fm
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Flux.fm copies itself to the system directory and tries to connect to the internet. When connected to a server it waits for new orders to spy on the user.
[Win32.Agent.sfg]
Product=Win32.Agent.sfg
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan downloads other executable files and installs malicious system files. Also creates a service in order to be executed in the background.
[Win32.Webdir.b]
Product=Win32.Webdir.b
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Webdir.b installs real components of sound and video codecs into the Windows and system directories. Also copies and registers a malicious VirtualDNS.dll into the Windows directory without giving the user a possibility to cancel that process.
[Win32.VB.cj]
Product=Win32.VB.cj
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.VB.cj starts itself in autorun as "iexplore" using a name similar to Microsoft files in order to hide its true intention.
[Win32.Small.UBV]
Product=Win32.Small.UBV
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Small.UBV copies an executable file into the System directory with a random name trying to escape detection without user notice.
[Win32.Emogen-K]
Product=Win32.Emogen-K
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Emogen-K starts itself in autorun as "svchost" using a name similar to Microsoft files in order to hide its true intention.
[Win32.Delf.es]
Product=Win32.Delf.es
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Delf.es is a modified video repair software. It installs executable files into the Windows directory, starts itself in autorun as "CTMON.EXE" using a name similar to Microsoft files in order to hide its true intention.
[Win32.AOLPass.i]
Product=Win32.AOLPass.i
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.AOLPass.i changes Userinit-settings which is also responsible for the login process of the operating system. This may lead to damage of the login process.
[Win32.AutoRun.dli]
Product=Win32.AutoRun.dli
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.AutoRun.dli installs malicious faked Windows system files, hides itself and makes the system insecure. This way it waits for new orders to spy on the user. It also creates autorun entries to start automatically in the background when the system loads.
[Win32.Podnuha.ee]
Product=Win32.Podnuha.ee
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Win32.Podnuha.ee runs in background and is able to download other also malicious files via an opened internet connection.
[Win32.Buzus.jqw]
Product=Win32.Buzus.jqw
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=The trojan copies itself into the Windows directory and creates an autorun entry "Windows Services". It connects to the internet and opens several ports lowering the PC security.
[Fraud.XpCleaner]
Product=Fraud.XpCleaner
Company=
Threat=Malware
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=Fraud.XpCleaner claims to be an antispyware solution. When it is installed on the computer it shows a lot of harmless cookies, and other usage tracks as high risk privacy problems. When the user wants to fix these so called threats he has to purchase a license. Fraud.XpCleaner is nearly the same application as Fraud.XPAntivirus.
[Fagianom]
Product=Fagianom
Company=
Threat=Trojan
CompanyURL=
CompanyProductURL=
CompanyPrivacyURL=
Functionality=
Privacy=
Description=This trojan connects to a remote website and is able to install a dial-up connection which may result in extra costs for the user. It is disguised as Freecell.exe, a popular Microsoft game. The icon is a java cup also chosen to fool the user.
