Virus Threats and Removal Tools


Infostealer.Bzup

Reported: August 03, 2006

 

 

Description:

Infostealer.Bzup is capable of stealing confidential banking information from the infected computer.

Technical Name:

Infostealer.Bzup

Threat Level:

Low

Type:

Trojan Horse

Systems Affected:

Windows All

 

 

Removing Infostealer.Bzup requires technical know-how in computer troubleshooting. If Services or the Registry have to be modified, it is better to consult your LAN administrator or a technician to avoid additional damage to your computer.

 

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all infected files.
4. Delete any values added to the registry.

Navigate to the subkey and delete the value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ProgramFiles\Internet Explorer
Value:
"IEXPLORE.EXE" = "%ProgramFiles%\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

Navigate to the subkey and delete the values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load
Values:
"cmpid" = "[ENCRYPTED VALUE]"
"forwas" = "[ENCRYPTED VALUE]"
"h" = "[RANDOM VALUE]"
"ino" = "[ENCRYPTED VALUE]"
"net_insll" = "[RANDOM VALUE]"
"timU" = "[RANDOM VALUE]"
"worg" = "[ENCRYPTED VALUE]"

Navigate to and delete the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78364D99-A640-4DDF-B91A-67EFF8373045}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper obJects\{78364D99-A240-4dff-B11A-67E448373045}

Navigate to the subkey and delete the values:
HKEY_CLASSES_ROOT\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\InProcServer32
Values:
"(default)" = "C:\WINDOWS\system32\ipv6mons.dll"
"Enable Browser Extensions" = "yes"
"ThreadingModel" = "apartment"

Navigate to the subkey and restore the value:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Value:
"Enable Browser Extensions" = "yes"

5. Exit the Registry Editor and restart the computer.

6. To make sure that Infostealer.Bzup is completely eliminated from your computer, carry out a full scan using antivirus and antispyware software. Alternatively, an online virus scanner can scan for and delete the virus with various antivirus programs without the need to install them.
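
The registry locations from step 4 can be checked with a read-only script instead of browsing to each one by hand. The following PowerShell is an added example, not part of the original removal instructions; every key path, GUID and value name is copied from this page as printed, and the variable names are illustrative.

```powershell
# Added example: read-only audit of the registry artifacts listed in step 4.
# Key paths, GUIDs and value names are copied from the page as printed.
$hklm = 'Registry::HKEY_LOCAL_MACHINE'
$bho  = "$hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
$fw   = "$hklm\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"

# Subkeys the procedure deletes outright.
$subkeys = @(
    "$bho\{78364D99-A640-4DDF-B91A-67EFF8373045}",
    "$bho\{78364D99-A240-4dff-B11A-67E448373045}"
)

# Values the procedure deletes: key path -> value names ('' = the key's default value).
$values = [ordered]@{
    "$fw\StandardProfile\AuthorizedApplications\List\ProgramFiles\Internet Explorer" =
        @('IEXPLORE.EXE')
    "$hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load" =
        @('cmpid', 'forwas', 'h', 'ino', 'net_insll', 'timU', 'worg')
    'Registry::HKEY_CLASSES_ROOT\CLSID\{73364D99-1240-4dff-B11A-67E448373048}\InProcServer32' =
        @('', 'Enable Browser Extensions', 'ThreadingModel')
}

$findings = @()
foreach ($path in $subkeys) {
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Key = $path; Value = '<subkey>'; Data = '' }
    }
}
foreach ($path in $values.Keys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }          # key absent: nothing to report
    foreach ($name in $values[$path]) {
        $data = $key.GetValue($name)     # $null when the value does not exist
        if ($null -ne $data) {
            $shown = if ($name) { $name } else { '(default)' }
            $findings += [pscustomobject]@{ Key = $path; Value = $shown; Data = $data }
        }
    }
}

# Setting the procedure restores rather than deletes; report its current data.
$ieMain = Get-Item -LiteralPath 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
$ext = if ($ieMain) { $ieMain.GetValue('Enable Browser Extensions') } else { $null }

if ($findings.Count) { $findings | Format-List } else { 'No listed artifacts found.' }
"Enable Browser Extensions (HKCU) = '$ext' (the procedure restores it to 'yes')"
```

Run it before cleanup to see which entries are present, and again after the restart in step 5 to confirm they are gone.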

 
