Archive for May, 2006

New SpywareQuake Variant - ywbicim.dll

New SpywareQuake variant found today as well: C:\Windows\System32\ywbicim.dll.

Reg keys for C:\Windows\System32\ywbicim.dll:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6c69e319-0d03-47da-997a-36586cbc53b3}"="fortread"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{6c69e319-0d03-47da-997a-36586cbc53b3}\InProcServer32]
@="C:\\WINDOWS\\system32\\ywbicim.dll"

The SpywareQuake removal instructions have been updated for this variant.


New SpyFalcon variant

New SpyFalcon variant found today as well: C:\Windows\System32\higjxe.dll
Reg keys for C:\Windows\System32\higjxe.dll:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a0c51615-738a-4542-801a-5af61614e182}"="bedimples"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{a0c51615-738a-4542-801a-5af61614e182}\InProcServer32]
@="C:\\WINDOWS\\system32\\higjxe.dll"

SpyFalcon removal guide updated.


Three new SpywareQuake variants released.

This week the people who write SpyFalcon have instead focused on bringing out some new variants for SpywareQuake. As always the SpywareQuake removal instructions have been updated for these variants.
Reg keys for C:\Windows\System32\yhbdupd.dll:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}"="alongshore"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{aea3d2df-2b2c-4d7b-81a0-d975c6dc088e}\InProcServer32]
@="C:\\WINDOWS\\System32\\yhbdupd.dll"

Reg keys for C:\Windows\System32\imfdfcj.dll:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\\WINDOWS\\system32\\imfdfcj.dll"

Reg keys for C:\Windows\System32\hvnwm.dll:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{62eb0924-19d2-4226-b4b9-8ad1f70904c1}\InProcServer32]
@="C:\\WINDOWS\\system32\\hvnwm.dll"


New SpyFalcon variant - bolnyz.dll

New SpyFalcon variant released: C:\Windows\System32\bolnyz.dll
Registry keys involved:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f5947202-e9cb-4a72-88e7-22f2cbd2b124}"="chenopodiaceae"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{f5947202-e9cb-4a72-88e7-22f2cbd2b124}\InProcServer32]
@="C:\\WINDOWS\\system32\\bolnyz.dll"

SpyFalcon removal guide updated.


Two more SpyFalcon variants

Two more variants:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5bc82bdb-bc03-4671-9a78-3ef2b68449de}"="advisability"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{5bc82bdb-bc03-4671-9a78-3ef2b68449de}\InProcServer32]
@="C:\\WINDOWS\\system32\\oqipt.dll"

and

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{70fbd528-2d3c-4a00-9b8c-bbf441e534be}"="AutoDisc Ware"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{70fbd528-2d3c-4a00-9b8c-bbf441e534be}\InProcServer32]
@="C:\\WINDOWS\\System32\\iqzv.dll"

SpyFalcon removal guide updated.


SpyFalcon hits again..3 new variants in one day.

Another new SpyFalcon variant.  Anyone else getting bored of all of these?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a566f298-05a6-4b3d-b672-da7c27316430}"="AutoDisc Ware"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{a566f298-05a6-4b3d-b672-da7c27316430}\InProcServer32]
@="C:\\WINDOWS\\system32\\htey.dll"

SpyFalcon removal guide updated.


New SpyFalcon Variants

Two new variants of SpyFalcon have been released. The SpyFalcon removal guide has been updated to reflect these new variants.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{89aef01d-d237-49c7-84dc-4e1904c1fd31}"="AutoDisc Ware"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{89aef01d-d237-49c7-84dc-4e1904c1fd31}\InProcServer32]
@="C:\\WINDOWS\\system32\\sbnudh.dll"

and

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e04408db-4812-4478-8d4d-e46edcffd3b6}\InProcServer32]
@="C:\\WINDOWS\\system32\\fyhhxw.dll"

Rumors are that the C:\WINDOWS\system32\fyhhxw.dll infector has a randomly changing CLSID.
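
Added example, not part of the original posts: every variant listed in this archive uses the same pair of keys, so a check that follows each SharedTaskScheduler CLSID to its InProcServer32 registration still works when the CLSID and DLL name change. It parses a .reg-style export; the second entry (CLSID, label and example.dll) is constructed, and treating a CLSID with no HKEY_LOCAL_MACHINE registration as suspicious is a heuristic assumed here, not a rule stated on this page.

```python
import re

# Constructed sample in .reg export syntax: the appmagr.dll entries from this
# page plus one made-up entry registered under HKEY_LOCAL_MACHINE.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
"{00000000-1111-2222-3333-444444444444}"="Example Task"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\\WINDOWS\\system32\\appmagr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}\InProcServer32]
@="C:\\WINDOWS\\system32\\example.dll"
'''

STS = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler"
CLSID_KEY = re.compile(r"^(hkey_[a-z_]+)\\software\\classes\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32$")

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "" if name == "@" else name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                current[name] = data[1:-1].replace("\\\\", "\\")  # undo .reg escaping
    return keys

def audit_shared_task_scheduler(text):
    """For each SharedTaskScheduler CLSID, list the hive(s) and DLL that serve it."""
    keys = parse_reg(text)
    servers = {}
    for path, values in keys.items():
        m = CLSID_KEY.match(path)
        if m and "" in values:
            servers.setdefault(m.group(2), []).append((m.group(1), values[""]))
    findings = []
    for clsid, label in keys.get(STS, {}).items():
        regs = servers.get(clsid.lower(), [])
        # Heuristic (assumption): listed machine-wide, but the COM server is
        # registered only per-user or not at all, so flag it for review.
        suspicious = all(hive != "hkey_local_machine" for hive, _ in regs)
        findings.append({"clsid": clsid.lower(), "label": label, "servers": regs, "suspicious": suspicious})
    return findings
```
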


Removal guide for Spyware Sheriff and the Antispylab.com

Spyware Sheriff and the Antispylab.com infections are starting to get decent visibility in many of the antimalware forums. Due to this demand we have put together a detailed guide on the removal of this infection. This guide can be found here:

How to remove Spyware Sheriff and Antispylab


SpyFalcon coming on strong..new variant appmagr.dll

I recently said on a mailing list that SpyFalcon is going for a resurgence. Unfortunately I was correct. C:\WINDOWS\system32\appmagr.dll is the third new variant in a little over a week.

Appmagr.dll is loaded via the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\\WINDOWS\\system32\\appmagr.dll"

The SpyFalcon removal instructions have been updated for this variant.


New SpyFalcon variant.. reglogs.dll

SpyFalcon is coming back strong and has released its latest variant, C:\Windows\System32\reglogs.dll.

Reglogs.dll is loaded via the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{35a88e51-b53d-43e9-b8a7-75d4c31b4676}"="Register LogWare"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{35a88e51-b53d-43e9-b8a7-75d4c31b4676}\InProcServer32]
@="C:\\WINDOWS\\system32\\reglogs.dll"

The SpyFalcon removal instructions have been updated for this variant.



© 2003-2008 All Rights Reserved Bleeping Computer LLC.
