ThreatRemove.com - Your Computer Threats Removal Guide

Adware.Vapsup is an adware-related Windows Internet Explorer plugin that installed by the Troj/Zlob family. Based on user’s browsing habits, Adware.Vapsup will automatically display unsolicited advertisements, using means of popups, banners, and changes to the homepage or search page of browser, etc.

Once installed on system, this worm will immediately create several files into several system directories, and modify the Windows registry with the purpose to register itself as a browser add-on toolbar. As a result, Adware.Vapsup may secretly run on every Internet browser startup.

How to Get Rid of Adware.Vapsup?

There are several ways to detect and remove Adware.Vapsup. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Adware.Vapsup Manual Removal Instructions.

Automatic Adware.Vapsup removal:

Win32.Zafi.b is a worm threat that spreads through e-mail and p2p network. If your PC system is infected with Perfect Defender 2009, you may see the Win32.Zafi.b in the false system security alert message. As it is known, Perfect Defender 2009 is a rogue anti-spyware program that lures PC users into purchasing its full version, by showing up fake security scanning results and system warnings.

Win32.Zafi.b is a destructive worm that may prevent anti-virus and other security products from working normally. It may even disable the RegEdit, MSconfig, Task Manager, or launch a DoS attack against certain Hungarian web sites.

How to Get Rid of Win32.Zafi.b?

There are several ways to detect and remove Win32.Zafi.b. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Win32.Zafi.b Manual Removal Instructions.

Automatic Win32.Zafi.b removal:

Worm.Win32.Mabezat.b is a polymorphic parasitic file infector of executable files that propagating itself by making use of removable media and shared folders in LAN. Meanwhile, Worm.Win32.Mabezat.b is a worm for the Windows platform that searches for executables on local drives and the network.

Worm.Win32.Mabezat.b usually copies itself into existing folders of removal drives. The used filenames are the followings:
Adjust Time.exe
AmericanOnLine.exe
Antenna2Net.exe
BrowseAllUsers.exe
CD Burner.exe
Crack_GoogleEarthPro.exe
Disk Defragmenter.exe
FaxSend.exe
FloppyDiskPartion.exe
GoogleToolbarNotifier.exe
HP_LaserJetAllInOneConfig.exe
IDE Conector P2P.exe
InstallMSN11Ar.exe
InstallMSN11En.exe
JetAudio dump.exe
KasperSky6.0 Key.doc.exe
Lock Folder.exe
LockWindowsPartition.exe
Make Windows Original.exe
MakeUrOwnFamilyTree.exe
Microsoft MSN.exe
Microsoft Windows Network.exe
msjavx86.exe
NokiaN73Tools.exe
Office2003 CD-Key.doc.exe
Office2007 Serial.txt.exe
PanasonicDVD_DigitalCam.exe
RadioTV.exe
Recycle Bin.exe
RecycleBinProtect.exe
ShowDesktop.exe
Sony Erikson DigitalCam.exe
Win98compatibleXP.exe
Windows Keys Secrets.exe
WindowsXp StartMenu Settings.exe
WinrRarSerialInstall.exe

How to Get Rid of Worm.Win32.Mabezat.b?

There are several ways to detect and remove Worm.Win32.Mabezat.b. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Worm.Win32.Mabezat.b Manual Removal Instructions.

Automatic Worm.Win32.Mabezat.b removal:

W32.Mariofev.A is a worm that attempts to spread over the Network Shares by copying itself, usually using the passwords as following:!@#, 1212, 123, 123456, 1313, 666, 777, adm, admin, administrator, administrator, asa, pass, password, qaz, qazxsw, qqq, qwerty, test, zaq, zaqwsx and zzz. To report the infection notification and upload itself, W32.Mariofev.A may contact the remote websites [http://]66.36.241.45/sdb/gate/ and [http://]66.36.241.45/sdb/gate/data.

What is more, W32.Mariofev.A may terminate the registry subkeys that contain the following strings to lower system security configurations:
*\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension
AllFilesystemObjects\shellex\ContextMenuHandlers\SpySweeper
ALWIL Software\Avast
Arovax AntiSpyware
Chilkat Software, Inc.
ComputerAssociates\eTrustPestPatrol
Doctor Web, Ltd.
FRISK Software International
Grisoft\AVGAntiSpyware
KasperskyLab
McAfee\McAfee AntiSpyware
McAfee\VirusScan
Panda Software
PepiMK Software\SpybotSnD
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Personal
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVir PersonalEdition Classic
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClamAV
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1
SOFTWIN\BitDefender Desktop\Maintenance\Install
Spyware Begone!
Symantec\Symantec AntiVirus
SYSTEM\ControlSet001\Services\avgntflt
SYSTEM\CurrentControlSet\Services\WinDefend
Ukranian Antivirus center
Vba32
VMware, Inc.
VMware, Inc.\VMware Tools

How to Get Rid of W32.Mariofev.A?

There are several ways to detect and remove W32.Mariofev.A. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on W32.Mariofev.A Manual Removal Instructions.

Automatic W32.Mariofev.A removal:

Worm.Win32.Netbooster is a worm that appears in fake security alerts from rogue antispyware which usually gets installed onto your PC without your permission, through Trojan, malware and virus (or you could get it by installing a fake video codec). Worm.Win32.Netbooster popups could read “Your browser was hijacked by Worm.Win32.Netbooster” and is supposed to scare you into buying the fake antispyware, like Smitfraud. You’re not really infected with Worm.Win32.Netbooster — you’re infected with fake anti-spyware that you need to remove.

Worm.Win32.Netbooster Variants: Trojan.Win32, Worm.Win32 and Trojan.Win32.Obfuscated.gx

How to Get Rid of Worm.Win32.Netbooster?

There are several ways to detect and remove Worm.Win32.Netbooster. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Worm.Win32.Netbooster Manual Removal Instructions.

Automatic Worm.Win32.Netbooster removal:

W32.Koobface.B is a Windows platform network worm that spreads via social network sites such as Facebook and MySpace, in order to send users a copy of itself. This threat usually targets Facebook users by creating spam messages and sending them to the E-mail addresses within the victim’s system via the Facebook web site.

When the threat firstly executes, it automatically creates the following registry entry so that it runs whenever Windows system starts up: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\”systray” = “C:\Windows\fbtre6.exe” Then it will show up the error message saying: Error installing Codec. Please contact support. Moreover, W32.Koobface.B will check for social network cookies, and change your profile by adding links to hazardous sites that contain worms.

How to Get Rid of W32.Koobface.B?

There are several ways to detect and remove W32.Koobface.B. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on W32.Koobface.B Manual Removal Instructions.

Automatic W32.Koobface.B removal:

Worm/Mytob.AP is a mess-mailing network worm that infects computers running Windows. It propagates via the Internet as E-mail attachments to all E-mail addresses harvested from the infected system. This worm also propagates via LSASS vulnerability

After installing onto computer system, Worm/Mytob.AP will open a random TCP port so as to establish a connection to the IRC servers, including spm.slo-partija.info, spm.gobice.netand egwf.wegberobpk.info. As a result, it is possible for a hazardous remote user to have full access to the system, to collect information harvested from the infected machine, to download, execute and remove files through the IRC channels.

Worm/Mytob.AP is also known as: Net-Worm.Win32.Mytob.u [Kaspersky Lab] is also known as: W32/Mydoom.gen@MM [McAfee], W32.Mytob.AG@mm [Symantec], Win32.HLLM.MyDoom.37 [Doctor Web], W32/MyDoom-AJ [Sophos]

How to Get Rid of Worm/Mytob.AP?

There are several ways to detect and remove Worm/Mytob.AP. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Worm/Mytob.AP Manual Removal Instructions.

Automatic Worm/Mytob.AP removal:

Worm:W32/Downadup.AL is a network-aware worm that attempts to use computer or network resources to replicate across the existing network. Worm:W32/Downadup.AL includes code or other malware to damage both the system and the network. It may spread by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability; it also attempts to spread to network shares protected by weak passwords and blocks access to security-related Web sites.

How to Get Rid of Worm:W32/Downadup.AL?

There are several ways to detect and remove Worm:W32/Downadup.AL. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Worm:W32/Downadup.AL Manual Removal Instructions.

Automatic Worm:W32/Downadup.AL removal:

Worm/KillAV.GR is an E-mail and network worm for Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, and Windows XP. This worm automatically checks the system date and attempts to rewrite files with certain extensions (such as doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dmp) on the third day of every month. This can result in loss of data in these files.

Worm/KillAV.GR propagates by spreading copies of itself to E-mail addresses that it harvests from files on the infected computer, using its own SMTP (Simple Mail Transfer Protocol) engine. Moreover, this worm deletes auto-start registry entries and related files of several programs, most of which are associated with antivirus and firewall applications.

Worm/KillAV.GR is also known as W32/MyWife.d@MM!M24 [McAfee], W32.Blackmal.E@mm [Symantec], Win32.Nyxem.E@mm [Bitdefender], W32/Nyxem-D [Sophos], WORM_GREW.A [Trend Micro], W32/Tearec.A.worm [Panda], Email-Worm.Win32.Nyxem.e [Kaspersky]

How to Get Rid of Worm/KillAV.GR?

There are several ways to detect and remove Worm/KillAV.GR. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Worm/KillAV.GR Manual Removal Instructions.

Automatic Worm/KillAV.GR removal:

Worm/Mytob.AT is a mass-mailing worm that uses its own SMTP engine to scatter an E-mail to the addresses it collects from the victim’s computer. Then a direct connection with the destination server will be established. This threat may be packed with a variety of compressed files. Approximately, the size of the compressed file is 55 KB, and the uncompressed file is even larger, up to 200 KB in size. Once executed, the worm will excerpt access to security related sites and terminate certain Windows programs such as task manager.

Worm/Mytob.AT spreads over the Internet community by exploiting the LSASS vulnerability and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow.

Worm/Mytob.AT is also known as Exploit-Lsass.g.gen [McAfee], W32.Mytob.AK@mm [Symantec], Win32.HLLM.MyDoom.33 [Doctor Web], W32/Mytob-Z [Sophos], WORM_MYTOB.AK [Trend Micro], W32/Mytob.AJ.worm [Panda].

How to Get Rid of Worm/Mytob.AT?

There are several ways to detect and remove Worm/Mytob.AT. The method you choose should be based on your own comfort and computer skill level. You can evaluate the methods below and choose which suits you best. Learn more on Worm/Mytob.AT Manual Removal Instructions.

Automatic Worm/Mytob.AT removal: