Performance Optimizer

Performance Optimizer is a misleading application that pops up fake scan reports. Performance Optimizer can be installed manually, with the user's knowledge, because it pretends to be a useful program coming from a remote server. Its scan reports detected errors and prompts the user to fix them with the licensed version of the program. This rogue software also modifies the Internet browser so that it redirects visitors to unwanted web pages.

Trojan.Mdropper.Z

Trojan.Mdropper.Z may arrive on computers as an attachment to spam email messages. When executed, Trojan.Mdropper.Z exploits the Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability (BID 25906) in Microsoft Word 2000 and XP in order to drop and run a malicious executable file from a remote server.

W32.Niuniu

W32.Niuniu can propagate via unsecured network shares and removable media storage devices by means of infected .html files. W32.Niuniu copies itself to any available removable media device and also drops an autorun.inf file that points to a hidden .exe file.

Trojan.Fakeavalert

Trojan.Fakeavalert is a detection for a Trojan that drops a rogue security application on the computer and modifies settings on the compromised computer to mislead its users. Trojan.Fakeavalert displays fake alert messages and pop-up security alerts and tries to convince the user to purchase the registered version of the rogue program. Trojan.Fakeavalert can also end security-related processes, which lowers the security settings of the infected computer.

Technical Information:

Alias: Generic FakeAlert.b, TROJ_FAKEAV.UF, Troj/FakeVir-KY, Trojan.Fakeavalert!sd6, Mal/FakeVirPk-A, Mal/TibsPk-A

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Trojan.Fakeavalert Removal Tool

1. Click here to download the removal tool. Save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install with the “default” options only.
4. If it prompts to update the database after installation, please proceed.
5. Click “Finish.” The program runs automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click on “Show Results”.
8. Make sure that all detected threats are marked, then click on “Remove Selected”.
9. Restart the computer.

Note: the malware may prevent mbam-setup.exe from downloading or running. You can download and rename the program on a different computer before running it on the infected system.

Manual Removal of Trojan.Fakeavalert:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7). [how to]
2. Update the virus definitions.
3. Restart Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry. [how to edit registry]
6. Exit the registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Malicious Files Added by Trojan.Fakeavalert:
%UserProfile%\Start Menu\Programs\Startup\system.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
%System%\printer.exe
%System%\WinAvXX.exe

Associated Windows Registry Entries (where two lines show the same value, the first is the original data and the second is the data written by the Trojan):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinAVX" = "%System%\WinAvXX.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"WinAVX" = "%System%\WinAvXX.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe %System%\printer.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\"1200" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Enable Browser Extensions" = "yes"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\"%Windir%\system32\winav.exe" = "%Windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
HKEY_CLASSES_ROOT\.htm\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.html\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.shtml\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.xht\"(Default Value)" = "htmlfile"
HKEY_CLASSES_ROOT\.xhtml\"(Default Value)" = "htmlfile"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"EnableBalloonTips" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"EnableBalloonTips" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoControlPanel" = "1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoControlPanel" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\"NoAutoUpdate" = "1"
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\"NoAutoUpdate" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoWindowsUpdate" = "1"
HKEY_CLASSES_ROOT\gopher\shell\open\command\"(Default Value)" = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
HKEY_CLASSES_ROOT\gopher\shell\open\command\"(Default Value)" = "C:\Program Files\Internet Explorer\iexplore.exe" "%1"
HKEY_CLASSES_ROOT\HTTP\shell\open\command\"(Default Value)" = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
HKEY_CLASSES_ROOT\HTTP\shell\open\command\"(Default Value)" = "C:\Program Files\Internet Explorer\iexplore.exe" "%1"
HKEY_CLASSES_ROOT\https\shell\open\command\"(Default Value)" = "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
HKEY_CLASSES_ROOT\https\shell\open\command\"(Default Value)" = "C:\Program Files\Internet Explorer\iexplore.exe" "%1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Default_Search_URL" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Default_Search_URL" = "http://www.google.com/ie"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.google.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.google.com"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.google.com/"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" = "http://www.google.com"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" = "http://www.google.com"

W32.Niuniu!inf

W32.Niuniu!inf is a detection for files that have been infected with W32.Niuniu. Files identified as W32.Niuniu!inf may propagate by creating duplicates of themselves on removable media devices and unsecured network drives.

Trojan.Webkit!html

Trojan.Webkit!html is a generic detection for HTML files that contain malicious code to redirect users to predefined Web servers, from which additional malware can be downloaded onto the infected computer.

Bloodhound.Exploit.162

Bloodhound.Exploit.162 is a generic detection for TIFF graphics files that attempt to exploit the Kodak Image Viewer Remote Code Execution Vulnerability (BID 25909). Files detected as Bloodhound.Exploit.162 are deemed malicious and require removal. This applies in particular to Windows 2000 Server Service Pack 4, Windows XP Service Pack 2, and Windows Server 2003 Service Pack 1 and 2.

JS/Downloader.Agent

JS/Downloader.Agent is a detection for JavaScript files whose purpose is to download and execute additional malware onto the computer. Once on the computer, JS/Downloader.Agent injects itself into Internet Explorer, which may lead to web browser redirection. This Trojan also reduces the overall system performance of the PC while running its own processes. Other activity includes excessive pop-up advertisements and constant communication with a remote IP address. JS/Downloader.Agent is also used to spread rogue security software; in these cases the Trojan disguises itself as a legitimate software update.

BHO.BHJ

BHO.BHJ is a Browser Hijacker Object that can monitor the user's Internet activity and redirect the search page to predefined websites. BHO.BHJ can also modify the settings of the Internet browser and replace its default home page with a malicious one.

Spyware.LocalKeylog

Spyware.LocalKeylog is a program that monitors and logs any activity on the target computer. Spyware.LocalKeylog was designed to record keystrokes in order to capture sensitive information such as user names and passwords. It is widely available online as a commercial and legitimate program.