Saynottohackers2
This is a little long but I want to show you just what the Invisus.com security system found on my computer just AFTER I did a thorough scan using Zonealarm ,Spyware Nuker, and Registry Mechanic supposedly some of the best protection programs available - - NOT!
The Invisus.com security system found 25 files
infected of the 356,462 files scanned, and 45 of the 3378 registry files were
infected also; that Zone Alarm, Spyware Nuker, and Registry Mechanic failed to
find.
I'll give you the summary file first, and then the detailed files of each below
that to show you just how thorough the Invisus security system is at finding,
identifying, describing, and eradicating these threats to your computer.
Spyware Scan Details
Start Date: 9/14/2006 7:21:09 PM
End Date: 9/14/2006 8:48:33 PM
Total Time: 1 hrs 27 mins 24 secs
Detected
spyware
Guardian
Monitor Commercial Key Logger more
information...
Details: Guardian Monitor is a keylogger which records keystrokes of the PC.
Status: Deleted
PassBack
AIM Password Cracker/Stealer more
information...
Details: PassBack AIM is a password hijacker.
Status: Deleted
Infected files detected
c:\program files\trek blue\spyware nuker\errorlog.txt
c:\program files\trek blue\spyware nuker\nukerlog19-03-05-1785.txt
c:\program files\trek blue\spyware nuker\nukerlog19-03-05-95443.txt
c:\program files\trek blue\spyware nuker\nukerlog20-03-05-38579.txt
c:\program files\trek blue\spyware nuker\nukerlog20-03-05-40546.txt
c:\program files\trek blue\spyware nuker\nukerlog20-03-05-6000.txt
c:\program files\trek blue\spyware nuker\spyupdate.exe
WinFixer
Rogue Security Program more
information...
Details: WinFixer is a disabled data repair utility that nags the user to
purchase it in order to fix the problems reported in its scan.
Status: Deleted
Infected files detected
c:\winnt\downloaded program files\uwfx5_0001_n66m1101netinstaller.exe
Aureate
Group Mail Adware (General) more
information...
Status: Deleted
Infected files detected
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\ajj.exe
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\gm_ae.dct
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\GROUPU~1.EXE
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\GroupUpdater.exe
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\ajj.001
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\ajj.002
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\ajj.003
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\ajj.exe
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\GMAGlue.001
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\GMAGlue.exe
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\gm_ae.001
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\gm_ae.dct
J:\1Backups from E Drive\1Backups from zipdiscs\Group Mail\BACKUP\GroupUpdater.exe
Win-Spy
Commercial Key Logger more
information...
Details: Win-Spy is a keylogger and monitoring tool that records keystrokes and
other data.
Status: Deleted
Infected files detected
c:\program files\common files\deskshare shared\ocx\ezvidc60.ocx
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\Control
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\InprocServer32
C:\Program Files\Common Files\DeskShare Shared\ocx\ezVidC60.ocx
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\InprocServer32
ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\MiscStatus\1
131473
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\ProgID
vbVidC60.ezVidCap
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\ToolboxBitmap32
C:\Program Files\Common Files\DeskShare Shared\ocx\ezVidC60.ocx, 30000
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\TypeLib
{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}\VERSION 1.0
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6} vbVidC60.ezVidCap
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}\ProgID
vbVidC60.ICapCallBack
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}\TypeLib
{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}\VERSION 1.0
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
vbVidC60.ICapCallBack
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}\TypeLib
{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}\TypeLib
Version 1.0
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6} ICapCallBack
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}\TypeLib
{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}\TypeLib
Version 1.0
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6} ezVidCap
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}\TypeLib
{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}\TypeLib
Version 1.0
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6} ezVidCap
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}\1.0\0\win32
C:\Program Files\Common Files\DeskShare Shared\ocx\ezVidC60.ocx
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}\1.0\FLAGS 2
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}\1.0\HELPDIR
C:\Program Files\Common Files\DeskShare Shared\ocx
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}\1.0 ezVidCap
Component by Ray Mercer (VB6)
HKEY_CLASSES_ROOT\vbVidC60.ezVidCap
HKEY_CLASSES_ROOT\vbVidC60.ezVidCap\Clsid {DF6D6569-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\vbVidC60.ezVidCap vbVidC60.ezVidCap
HKEY_CLASSES_ROOT\vbVidC60.ICapCallBack
HKEY_CLASSES_ROOT\vbVidC60.ICapCallBack\Clsid
{DF6D655A-5B0C-11D3-9396-008029E9B3A6}
HKEY_CLASSES_ROOT\vbVidC60.ICapCallBack vbVidC60.ICapCallBack
If you clicked on the more
information link in each of the finds above; below are the pages that it takes
you to that really tells you what these things do. You also then are taken to a
page where you can delete all these files or quarantine them.
|
Type |
Surveillance
Tool |
|
Type
Description |
Surveillance
Tools are software applications that monitor and capture data from
computers including screenshots, keystrokes, web cam and microphone data,
instant messaging chat sessions, email, visited websites, programs run and
files accessed and files shared on a P2P (peer to peer) network. Many
Surveillance Tools can run in stealth mode, hidden from the user, and have
the ability to store captured data for later retrieval by or transmission
to another computer. A key logger is one simple, standard type of
Surveillance Tool. |
|
Category |
Commercial
Key Logger |
|
Category
Description |
A
Commercial Key Logger is a program that captures and logs keystrokes as
they are entered on the computer for the purpose of monitoring the user.
The logged data, which may be encrypted, is saved or sent to the person
who installed the key logger. These applications often run in stealth mode
and are invisible to the user that is being monitored. Such key loggers
are sold commercially and may be used legitimately if deployed by
authorized administrators and disclosed to the persons being monitored, as
in a business environment. The use of a key logger to monitor persons
without their knowledge has been ruled illegal in at least one
jurisdiction. |
|
Level |
High |
|
Level
Description |
High
risk threats are typically installed without user interaction through
security exploits, and can severely compromise system security. Such
threats may open illicit network connections, use polymorphic tactics to
self-mutate, disable security software, modify system files, and install
additional malware. These threats may also collect and transmit personally
identifiable information (PII) without your consent and severely degrade
the performance and stability of your computer. |
|
Advice
Type |
Remove |
|
Description |
Guardian
Monitor is a keylogger which records keystrokes of the PC. |
|
Add.
Description |
Guardian
Monitor is a keylogger which records keystrokes of the PC. It also monitor
everything that happens on a PC and the Internet. Guardian Monitor records
instant messages, Web sites and video from user's PC. |
|
Author |
Guardian
Software |
|
Author
Description |
Guadian
Monitor Classic 9.75 is a software which allows you to monitor everything |
|
Type |
Surveillance
Tool |
|
Type
Description |
Surveillance
Tools are software applications that monitor and capture data from
computers including screenshots, keystrokes, web cam and microphone data,
instant messaging chat sessions, email, visited websites, programs run and
files accessed and files shared on a P2P (peer to peer) network. Many
Surveillance Tools can run in stealth mode, hidden from the user, and have
the ability to store captured data for later retrieval by or transmission
to another computer. A key logger is one simple, standard type of
Surveillance Tool. |
|
Category |
Password
Cracker/Stealer |
|
Category
Description |
A
Password Cracker is software that is used to discover secret passwords on
a computer or network. While Password Crackers have legitimate uses, they
may also used by an attacker to gain unauthorized access to a computer or
network without the user's or network administrator's knowledge and
consent. A Password Stealer is software that surreptitiously captures
passwords, typically used by an attacker to gain unauthorized access to a
computer or network or to obtain login credentials for financial accounts
and institutions. Password Crackers and Stealers are often designed to be
executed and used in stealth mode, undetected by computer users and
network administrators. |
|
Level |
Elevated |
|
Level
Description |
Elevated
threats are typically installed without adequate notice and consent, and
may make unwanted changes to your system, such as reconfiguring your
browser’s homepage and search settings. These threats may install
advertising-related add-ons, including toolbars and search bars, or insert
advertising-related components into the Winsock Layered Service Provider
chain. These new add-ons and components may block or redirect your
preferred network connections, and can negatively impact your computer’s
performance and stability. Elevated threats may also collect, transmit,
and share potentially sensitive data without adequate notice and consent. |
|
Advice
Type |
Remove |
|
Description |
PassBack
AIM is a password hijacker. |
|
Add.
Description |
PassBack
AIM can recover your password from the Windows Registry only if you have
selected "Save Password". It will recover passwords
automatically when it is started. Simply select the password you require
from the list. Passwords are recovered instantl |
|
Author |
Nitro
Technologies |
|
Author
Description |
PassBack
AIM can recover your password from the Windows Registry only if you have
selected "Save Password". It will recover passwords
automatically when it is started. Simply select the password you require
from the list. Passwords are recovered instantl |
|
Author
URL |
nitrotech.co.uk/downloads/PassBackAIM.zip |
|
File
Traces |
|
|
|
%DESKTOPDIRECTORY%\PassBackAIM\InstallPassbackAIM.exe |
|
|
%DESKTOPDIRECTORY%\PassBackAIM\PassbackAIM.exe |
|
|
%PROGRAM_FILES%\Passback
Suite\PassBackAIM.exe |
|
|
%PROGRAM_FILES%\Passback
Suite\UninstallPassbackAIM.exe |
|
|
%windows%\desktop\PassBackAIM\InstallPassbackAIM.exe |
|
|
%windows%\desktop\PassBackAIM\PassbackAIM.exe |
|
Type |
Misc |
|
Type
Description |
Miscellaneous
threats include applications that do not fit into other categories or that
fall into multiple categories. Miscellaneous threats typically include
some form of potentially objectionable functionality that may pose privacy
or security risks to users and their PCs. |
|
Category |
Rogue
Security Program |
|
Category
Description |
A
Rogue Security Program is software that purports to scan and detect
malware or other problems on the computer, but which attempts to dupe or
badger users into purchasing the program by presenting the user with
intrusive, deceptive warnings and/or false, misleading scan results. Rogue
Security Programs typically use aggressive, deceptive advertising and may
be installed without adequate notice and consent, often though exploits. |
|
Level |
Elevated |
|
Level
Description |
Elevated
threats are typically installed without adequate notice and consent, and
may make unwanted changes to your system, such as reconfiguring your
browser’s homepage and search settings. These threats may install
advertising-related add-ons, including toolbars and search bars, or insert
advertising-related components into the Winsock Layered Service Provider
chain. These new add-ons and components may block or redirect your
preferred network connections, and can negatively impact your computer’s
performance and stability. Elevated threats may also collect, transmit,
and share potentially sensitive data without adequate notice and consent. |
|
Advice
Type |
Remove |
|
Description |
WinFixer
is a disabled data repair utility that nags the user to purchase it in
order to fix the problems reported in its scan. |
|
Add.
Description |
WinFixer
is typically installed though security exploits and bundled with spyware/malware.
WinFixer sponsors an affiliate program via www.softwareprofit.com.
Webmasters participating in the program are paid according to the sales
generated from installation. The program will scan the computer and report
errors as repairable but does not provide any details to what is at risk.
It then recommends repair that requires a purchase to unlock the program.
It also sets a registry key to automatically launch the program on
startup. The program communicates with a statistic tracking server for the
purpose of web site tracking for its affiliate program. WinFixer may be
removed by using the Add/Remove Applet in the Windows Control Panel.
WinFixer is the same program as ErrorSafe. |
|
Author |
WinSoftware,
Ltd |
|
Author
Description |
"WinFixer
2005 is an effective cleaning and fixing utility that repairs damaged
files present on your system. Not only this! The application also removes
unwanted and unused files/folders from your computer thereby increasing
the disk space on your PC." |
|
Author
URL |
winfixer.com |
|
File
Traces |
|
|
|
%DESKTOPDIRECTORY%\uwfx5netinstaller.exe |
|
|
%DESKTOPDIRECTORY%\winfixer2005scannersetup.exe |
|
|
%DESKTOPDIRECTORY%\WinFixer2005Setup.exe |
|
|
%DESKTOPDIRECTORY%\winfixer2005trialsetup.exe |
|
|
%DESKTOPDIRECTORY%\winfixerscannerinstall.exe |
|
|
%LOCAL_SETTINGS%\temp\ni.uwfx5_0001_n56m0311\setup.exe |
|
|
%LOCAL_SETTINGS%\temp\ni.uwfx5_0001_n57m2811\setup.exe |
|
|
%LOCAL_SETTINGS%\temp\ni.uwfx6_0001_n68m2301\setup.exe |
|
|
%LOCAL_SETTINGS%\temp\winfixer2005scannersetup.exe |
|
|
%LOCAL_SETTINGS%\temp\winfixer2005setup.exe |
|
|
%LOCAL_SETTINGS%\temp\winfixer2006freesetup.exe |
|
|
%LOCAL_SETTINGS%\temp\winfixer2006setup.exe |
|
|
%LOCAL_SETTINGS%\temporary
internet files\content.ie5\s1aro92f\winfixer2005scannersetup[1].exe |
|
|
%PROGRAM_FILES%\common
files\winfixer 2005\fcrxml.dll |
|
|
%PROGRAM_FILES%\common
files\winfixer 2005\uwappchk.dll |
|
|
%program_files%\common
files\winfixer 2006\pcheck.dll |
|
|
%Program_Files%\Common
Files\WinSoftware\_WFF.exe |
|
|
%PROGRAM_FILES%\common
files\winsoftware\crxml.dll |
|
|
%PROGRAM_FILES%\common
files\winsoftware\pcheck.dll |
|
|
%Program_Files%\Common
Files\WinSoftware\WFF.exe |
|
|
%PROGRAM_FILES%\uwfx5_0001_n53l1025netinstaller.exe |
|
|
%PROGRAM_FILES%\uwfx5_0001_n56m0311netinstaller.exe |
|
|
%PROGRAM_FILES%\uwfx5_0001_ni53testnetinstaller.exe |
|
|
%program_files%\winfixer
2005\blpatch.exe |
|
|
%PROGRAM_FILES%\winfixer
2005\compclr.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\df_fix.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\df_prox.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\ffwrapr.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\flfxr_3.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\ftr.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\fxcr.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\idletrc.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\install.exe |
|
|
%PROGRAM_FILES%\winfixer
2005\mfix.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\str.exe |
|
|
%PROGRAM_FILES%\winfixer
2005\strrs.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\updater.exe |
|
|
%program_files%\winfixer
2005\uwfx5.exe |
|
|
%program_files%\winfixer
2005\blpatch.exe |
|
|
%program_files%\winfixer
2005\compcln.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\df_fixer.dll |
|
|
%program_files%\winfixer
2005\df_proxy.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\ffcom.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\ffwraper.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\filetyperecognizer.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\fixcore.dll |
|
|
%program_files%\winfixer
2005\ftrec.dll |
|
|
%program_files%\winfixer
2005\install.exe |
|
|
%PROGRAM_FILES%\winfixer
2005\mmfix.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\oedrop.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\sr.exe |
|
|
%program_files%\winfixer
2005\strres.dll |
|
|
%PROGRAM_FILES%\winfixer
2005\updater.exe |
|
|
%PROGRAM_FILES%\winfixer
2005\wfx5.exe |
|
|
%Program_Files%\WinFixer\d_fixer.dll |
|
|
%Program_Files%\WinFixer\d_proxy.dll |
|
|
%Program_Files%\WinFixer\flfxr_3.dll |
|
|
%Program_Files%\WinFixer\Install.exe |
|
|
%Program_Files%\WinFixer\Updater.exe |
|
|
%Program_Files%\WinFixer\WFX5.exe |
|
|
%Program_Files%\WinFixer\wfxcwr.exe |
|
|
%PROGRAM_FILES%\winfixer_2005\uwfx5.exe |
|
|
%program_files%\winfixer_2006\d_fixer.dll |
|
|
%program_files%\winfixer_2006\d_proxy.dll |
|
|
%program_files%\winfixer_2006\flfxr13.dll |
|
|
%program_files%\winfixer_2006\frec.dll |
|
|
%program_files%\winfixer_2006\fwraper.dll |
|
|
%program_files%\winfixer_2006\fxcore.dll |
|
|
%program_files%\winfixer_2006\idletrc.dll |
|
|
%program_files%\winfixer_2006\insthelp.exe |
|
|
%program_files%\winfixer_2006\mmfx.dll |
|
|
%program_files%\winfixer_2006\str.exe |
|
|
%program_files%\winfixer_2006\updater.exe |
|
|
%PROGRAM_FILES%\winfixer_2006\uwfx6.exe |
|
|
%PROGRAM_FILES%\winfixerfree\flfxr21.dll |
|
|
%PROGRAM_FILES%\winfixerfree\fwraper.dll |
|
|
%PROGRAM_FILES%\winfixerfree\fxcore.dll |
|
|
%PROGRAM_FILES%\winfixerfree\insthelp.exe |
|
|
%PROGRAM_FILES%\winfixerfree\mmfx.dll |
|
|
%PROGRAM_FILES%\winfixerfree\updater.exe |
|
|
%PROGRAM_FILES%\winfixerfree\uwinfx6.exe |
|
|
%PROGRAM_FILES%\winfixerfree\wfxcheck.dll |
|
|
%system%\df_kme.exe |
|
|
%SYSTEM%\dfe.exe |
|
|
%SYSTEM%\dfe1.exe |
|
|
%System%\dff.exe |
|
|
%temp%\winfixer2005setup.exe |
|
|
%windows%\desktop\winfixer2005scannersetup.exe |
|
|
%Windows%\Desktop\WinFixer2005Setup.exe |
|
|
%WINDOWS%\Desktop\WinFixer2005TrialSetup.exe |
|
|
%windows%\downloaded
program files\conflict.1\uwa6p_0001_n56m1011netinstaller.exe |
|
|
%windows%\downloaded
program files\uwfx5_0001_n66m1101netinstaller.exe |
|
|
%WINDOWS%\is-2L3SR.exe |
|
|
%Windows%\is-ONVBE.exe |
|
|
%windows%\local
settings\temp\ni.uwfx5_0001_n56m0311\setup.exe |
|
|
%windows%\local
settings\temp\winfixer2005scannersetup.exe |
|
|
%windows%\local
settings\temp\winfixer2005setup.exe |
|
|
%windows%\local
settings\temporary internet
files\content.ie5\s1aro92f\winfixer2005scannersetup[1].exe |
|
|
acaunbqp.exe |
|
|
kpknodnc.exe |
|
|
mfcmk32.dll |
|
|
oqatyqba.exe |
|
|
setup.exe |
|
|
sf.exe |
|
|
uers_0001_n68m1801netinstaller.exe |
|
|
updater.exe |
|
|
uwa5plp_0001_0721netinstaller.exe |
|
|
uwas5lp_0001_0811netinstaller.exe |
|
|
uwas5lp_0001_0908netinstaller.exe |
|
|
uwfx5.exe |
|
|
uwfx5_0001_lp1014netinstaller.exe |
|
|
uwfx5_0001_lpnetinstaller.exe |
|
|
uwfx5_0001_mninetinstaller.exe |
|
|
uwfx5_0001_n53l1025netinstaller.exe |
|
|
uwfx5_0001_n56m0311netinstaller.exe |
|
|
uwfx5_0001_n56t0311netinstaller.exe |
|
|
uwfx5_0001_n57m1511netinstaller.exe |
|
|
uwfx5_0001_n57m2112netinstaller.exe |
|
|
uwfx5_0001_n57m2811netinstaller.exe |
|
|
UWFX5_0001_N63M2912NetInstaller.exe |
|
|
uwfx5_0001_ni530211netinstaller.exe |
|
|
uwfx5_0001_ni53vmnetinstaller.exe |
|
|
uwfx5gb_0001_0822netinstaller.exe |
|
|
uwfx5lp_0001_0614netinstaller.exe |
|
|
uwfx5lp_0001_0715netinstaller.exe |
|
|
uwfx5lp_0001_0721netinstaller.exe |
|
|
uwfx5lp_0001_0802netinstaller.exe |
|
|
uwfx5lp_0001_0803netinstaller.exe |
|
|
uwfx5lp_0001_0826netinstaller.exe |
|
|
uwfx5netinstaller.exe |
|
|
uwfx5rs_0001_0808netinstaller.exe |
|
|
uwfx5t_0001_lpnetinstaller.exe |
|
|
uwfx5t_0001_n56m1411netinstaller.exe |
|
|
uwfx5tnetinstaller.exe |
|
|
uwfx5u_0001_lpnetinstaller.exe |
|
|
uwfx5unetinstaller.exe |
|
|
uwfx5v_0001_0725netinstaller.exe |
|
|
uwfx5v_0001_0802netinstaller.exe |
|
|
uwfx5v_0001_lpnetinstaller.exe |
|
|
uwfx5v_0001_n56m1411netinstaller.exe |
|
|
uwfx5vnetinstaller.exe |
|
|
uwfx5y_0001_lpnetinstaller.exe |
|
|
uwfx5y_0001_n56m1811netinstaller.exe |
|
|
uwfx5ylp_0001_0816netinstaller.exe |
|
|
uwfx5ynetinstaller.exe |
|
|
uwfx5z_0001_brnetinstaller.exe |
|
|
uwfx5z_0001_n56m1411netinstaller.exe |
|
|
uwfx5z_0001_ptnetinstaller.exe |
|
|
uwfx5zt_0001_0819netinstaller.exe |
|
|
uwfx6_0001_n68m2301netinstaller.exe |
|
|
uwfx6_0001_n69m1503netinstaller.exe |
|
|
was5scan[1].exe |
|
|
wfi[1].exe |
|
|
wfi_fra[1].exe |
|
|
wfi_spn.exe |
|
|
wfinstall.exe |
|
|
wfshell.dll |
|
|
wfx5.exe |
|
|
wfx5vi.exe |
|
|
wfxpscan[1].exe |
|
|
wfxscan[1].exe |
|
|
wfxscanr.exe |
|
|
wfxscanr[1].exe |
|
|
wfxscanz[1].exe |
|
|
winfixer2005freeinstall.exe |
|
|
winfixer2005install[1].exe |
|
|
winfixer2005install1014[1].exe |
|
|
winfixer2005installita[1].exe |
|
|
winfixer2005scannerinstall.exe |
|
|
winfixer2005scannerinstall[1].exe |
|
|
winfixer2005scannerinstall_br.exe |
|
|
winfixer2005scannerinstall_es.exe |
|
|
winfixer2005scannerinstallde.exe |
|
|
winfixer2005scannerinstallde[1].exe |
|
|
winfixer2005scannerinstallfra.exe |
|
|
winfixer2005scannerinstallfra[1].exe |
|
|
winfixer2005scannerinstallita.exe |
|
|
winfixer2005scannerinstallita[1].exe |
|
|
winfixer2005scannerinstallpt[1].exe |
|
|
winfixer2005scannerinstallspn.exe |
|
|
winfixer2005setup.exe |
|
|
winfixer2005update.exe |
|
|
winfixer2006freeinstall.exe |
|
|
winfixerscannerinstall.exe |
|
|
winfixerscannerinstallita[1].exe |
|
Type |
Adware |
|
Type
Description |
Adware,
also known as advertising software, displays third-party advertising on
the computer. The ads can take several forms, including pop-ups, pop-unders,
banners, or links embedded within web pages or parts of the Windows
interface. Some adware advertising might consists of text ads shown within
the application itself or within side bars, search bars, and search
results. Adware is often contextually or behaviorally based and tracks
browsing habits in order to display ads that are meant to be relevant to
the user. |
|
Category |
Adware
(General) |
|
Category
Description |
Adware,
also known as advertising software, displays third-party advertising on
the computer. The ads can take several forms, including pop-ups, pop-unders,
banners, or links embedded within web pages or parts of the Windows
interface. Some adware advertising might consists of text ads shown within
the application itself or within side bars, search bars, and search
results. Adware is often contextually or behaviorally based and tracks
browsing habits in order to display ads that are meant to be relevant to
the user. |
|
Level |
Elevated |
|
Level
Description |
Elevated
threats are typically installed without adequate notice and consent, and
may make unwanted changes to your system, such as reconfiguring your
browser’s homepage and search settings. These threats may install
advertising-related add-ons, including toolbars and search bars, or insert
advertising-related components into the Winsock Layered Service Provider
chain. These new add-ons and components may block or redirect your
preferred network connections, and can negatively impact your computer’s
performance and stability. Elevated threats may also collect, transmit,
and share potentially sensitive data without adequate notice and consent. |
|
Advice
Type |
Remove |
|
Author |
Aureate
Media |
|
File
Traces |
|
|
|
%system%\amcis2.dll |
|
|
%system%\gmaglue.exe |
|
|
adimage.dll |
|
|
agmail.exe |
|
|
ajj.exe |
|
|
amcis2.dll |
|
|
gmaglue.exe |
|
|
groupupdater.exe |
|
|
htmdeng.exe |
|
Type |
Surveillance
Tool |
|
Type
Description |
Surveillance
Tools are software applications that monitor and capture data from
computers including screenshots, keystrokes, web cam and microphone data,
instant messaging chat sessions, email, visited websites, programs run and
files accessed and files shared on a P2P (peer to peer) network. Many
Surveillance Tools can run in stealth mode, hidden from the user, and have
the ability to store captured data for later retrieval by or transmission
to another computer. A key logger is one simple, standard type of
Surveillance Tool. |
|
Category |
Commercial
Key Logger |
|
Category
Description |
A
Commercial Key Logger is a program that captures and logs keystrokes as
they are entered on the computer for the purpose of monitoring the user.
The logged data, which may be encrypted, is saved or sent to the person
who installed the key logger. These applications often run in stealth mode
and are invisible to the user that is being monitored. Such key loggers
are sold commercially and may be used legitimately if deployed by
authorized administrators and disclosed to the persons being monitored, as
in a business environment. The use of a key logger to monitor persons
without their knowledge has been ruled illegal in at least one
jurisdiction. |
|
Level |
High |
|
Level
Description |
High
risk threats are typically installed without user interaction through
security exploits, and can severely compromise system security. Such
threats may open illicit network connections, use polymorphic tactics to
self-mutate, disable security software, modify system files, and install
additional malware. These threats may also collect and transmit personally
identifiable information (PII) without your consent and severely degrade
the performance and stability of your computer. |
|
Advice
Type |
Remove |
|
Description |
Win-Spy
is a keylogger and monitoring tool that records keystrokes and other data. |
|
Add.
Description |
Win-Spy's
features include screen capture, keyword alerts, email monitoring, web cam
monitoring and recording, microphone monitoring and recording, brower
monitoring and recording. These functions can be done locally and
remotely. |
|
Author |
BC
Technologies |
|
Author
Description |
WinSpy
is a Complete Stealth Monitoring Software that can both monitor your Local
PC and Remote PC. WinSpy Software also includes Remote Install. WinSpy
Software will capture anything the user sees or types on the keyboard.
Users will be unaware of its existence. |
|
Author
URL |
win-spy.com |
|
File
Traces |
|
|
|
%LOCAL_SETTINGS%\temp\wzse0.tmp\embedinexcel.dll |
|
|
%SYSTEM%\chathandler.dll |
|
|
%system%\EmbedInExcel.dll |
|
|
%system%\EmExcel.dll |
|
|
%system%\Font\csrss.exe |
|
|
%SYSTEM%\font32\csrss.exe |
|
|
%System%\MSCDLR.dll |
|
|
%System%\MSCOMCTBN.dll |
|
|
%system%\pspsvc.dll |
|
|
%system%\WinHandler.dll |
|
|
%system%\XPAud\services.exe |
|
|
%windows%\acluc.exe |
|
|
%windows%\comres.exe |
|
|
%Windows%\comresr.exe |
|
|
%windows%\dcom32.exe |
|
|
%windows%\desktop.exe |
|
|
%windows%\dll\service.exe |
|
|
%windows%\enco64.exe |
|
|
%windows%\exref.exe |
|
|
%WINDOWS%\Firewall\service.exe |
|
|
%Windows%\ftre.exe |
|
|
%windows%\host32.exe |
|
|
%windows%\hpeg.dll |
|
|
%windows%\lic.exe |
|
|
%windows%\license.exe |
|
|
%windows%\MCLDR.dll |
|
|
%windows%\messanger.exe |
|
|
%windows%\messenger.exe |
|
|
%Windows%\MSCDLR.dll |
|
|
%Windows%\MSCLDR.dll |
|
|
%windows%\mscomm.exe |
|
|
%Windows%\mscompls.exe |
|
|
%Windows%\mscomr.exe |
|
|
%Windows%\msconres.exe |
|
|
%windows%\msimn32.exe |
|
|
%windows%\msmpls.exe |
|
|
%windows%\mstcl.exe |
|
|
%windows%\mswin32.exe |
|
|
%Windows%\ntserv32.exe |
|
|
%windows%\ntsvc32.exe |
|
|
%windows%\nvsvc32.exe |
|
|
%windows%\outlook32.exe |
|
|
%Windows%\outlook64.exe |
|
|
%windows%\outlookr.exe |
|
|
%windows%\pspsvc.dll |
|
|
%windows%\rcctr.exe |
|
|
%Windows%\rcdm.dll |
|
|
%windows%\rdesk.exe |
|
|
%windows%\refcdm.dll |
|
|
%windows%\refsc.exe |
|
|
%Windows%\refsdm.dll |
|
|
%windows%\rij12.exe |
|
|
%Windows%\sctrv32.exe |
|
|
%windows%\spools.exe |
|
|
%Windows%\svchost32.exe |
|
|
%windows%\syst32.exe |
|
|
%Windows%\taskrem.exe |
|
|
%windows%\uni3218.exe |
|
|
%windows%\unir.exe |
|
|
%windows%\winldm32.dll |
|
|
%Windows%\winndm32.dll |
|
|
%windows%\winsyst32.exe |
|
|
%windows%\wsdll.exe |
|
|
%Windows%\wsldll.exe |
|
|
%windows%\zclient.dll |
|
|
csrss.exe |
|
|
ex.exe |
|
|
mscomm.exe |
|
|
outlook.exe |
|
|
rij12.exe |
|
|
services.exe |
|
|
smt.exe |
|
|
syst.exe |
|
|
taskmgr.exe |
|
|
unin.exe |
|
|
unir.exe |
|
|
win-spy
eval setup.exe |
|
|
winspy.exe |
|
|
winsys.exe |
|
|
winsyst.exe |
|
|
winvid.exe |