Categories:Trojan,Adware,Downloader
[Kaspersky]TrojanDownloader.Win32.IstBar.j,TrojanDownloader.Win32.Small.wj,TrojanDropper.Win32.Small.mr;
[Panda]Adware/AdLogix,Adware/nCase,Spyware/ISTbarVisible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\msbb_gdf.dat
[%PROFILE_TEMP%]\temp.fr????\zango_gdf.dat
[%PROFILE_TEMP%]\temp.fr????\zango_kyf.dat
[%PROGRAM_FILES%]\180search Assistant Programs\180search Toolbar\180STUninstaller.exe
[%SYSTEM%]\ihquhtcl.exe
[%SYSTEM%]\irkkpury.exe
[%SYSTEM%]\saie_gdf.dat
[%SYSTEM%]\sain_gdf.dat
[%WINDOWS%]\180ax_gdf.dat
[%WINDOWS%]\didduid.ini
[%WINDOWS%]\msbb_gdf.dat
[%WINDOWS%]\saap_gdf.dat
[%WINDOWS%]\salm_gdf.dat
[%DESKTOP%]\installres.dll
[%PROFILE%]\Recent\installres.dll.lnk
[%PROFILE%]\recent\salm.log.lnk
[%PROFILE_TEMP%]\msbb.exe
[%WINDOWS%]\adg.exe
[%WINDOWS%]\avghalsb.exe
[%WINDOWS%]\cjqxe.exe
[%WINDOWS%]\downloaded program files\conflict.1\ncaseinstaller.dll
[%WINDOWS%]\downloaded program files\conflict.1\ncaselib.dll
[%WINDOWS%]\downloaded program files\ncaselib.dll
[%WINDOWS%]\knuzql.exe
[%WINDOWS%]\qhutst.exe
[%WINDOWS%]\vabctqp.exeIn order to ensure that the 180Solutions is launched automatically each time the system is booted, the 180Solutions adds a link to its executable file in the system registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%PROGRAM_FILES%]\180search Assistant Programs\180search Toolbar\180STUninstaller.exe
[%SYSTEM%]\ihquhtcl.exe
[%SYSTEM%]\irkkpury.exe
[%PROFILE_TEMP%]\msbb.exe
[%WINDOWS%]\adg.exe
[%WINDOWS%]\avghalsb.exe
[%WINDOWS%]\cjqxe.exe
[%WINDOWS%]\knuzql.exe
[%WINDOWS%]\qhutst.exe
[%WINDOWS%]\vabctqp.exe
Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista
Detecting 180Solutions:
Files:
[%PROFILE_TEMP%]\msbb_gdf.dat
[%PROFILE_TEMP%]\temp.fr????\zango_gdf.dat
[%PROFILE_TEMP%]\temp.fr????\zango_kyf.dat
[%PROGRAM_FILES%]\180search Assistant Programs\180search Toolbar\180STUninstaller.exe
[%SYSTEM%]\ihquhtcl.exe
[%SYSTEM%]\irkkpury.exe
[%SYSTEM%]\saie_gdf.dat
[%SYSTEM%]\sain_gdf.dat
[%WINDOWS%]\180ax_gdf.dat
[%WINDOWS%]\didduid.ini
[%WINDOWS%]\msbb_gdf.dat
[%WINDOWS%]\saap_gdf.dat
[%WINDOWS%]\salm_gdf.dat
[%DESKTOP%]\installres.dll
[%PROFILE%]\Recent\installres.dll.lnk
[%PROFILE%]\recent\salm.log.lnk
[%PROFILE_TEMP%]\msbb.exe
[%WINDOWS%]\adg.exe
[%WINDOWS%]\avghalsb.exe
[%WINDOWS%]\cjqxe.exe
[%WINDOWS%]\downloaded program files\conflict.1\ncaseinstaller.dll
[%WINDOWS%]\downloaded program files\conflict.1\ncaselib.dll
[%WINDOWS%]\downloaded program files\ncaselib.dll
[%WINDOWS%]\knuzql.exe
[%WINDOWS%]\qhutst.exe
[%WINDOWS%]\vabctqp.exe
Folders:
[%PROGRAM_FILES%]\180search assistant programs
Registry Keys:
HKEY_CURRENT_USER\software\180solutions
HKEY_CURRENT_USER\software\saie
HKEY_CURRENT_USER\software\salm
HKEY_LOCAL_MACHINE\software\180solutions
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\ncase
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\180search toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\salm
HKEY_LOCAL_MACHINE\software\salm
HKEY_CLASSES_ROOT\interface\{8dd50c56-8a07-40b9-98c4-3f169e3ae28e}
HKEY_LOCAL_MACHINE\software\iefeatures
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\conflict.1\ncaseinstaller.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\conflict.1\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msbb
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ncase
Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\motoin
HKEY_LOCAL_MACHINE\software\motoin
Removing 180Solutions:
An up-to-date copy of ExterminateIt should detect and prevent infection from 180Solutions.
If you do not have ExterminateIt and you are worried that you may have infected computer,you could run trial version of ExterminateIt, or remove 180Solutions manually.
To completely manually remove 180Solutions malware from your computer,you need to delete the Windows registry keys and registry values, the files and foldersassociated with 180Solutions.
- Use Task Manager to terminate the 180Solutions process.
- Delete the original 180Solutions file and folders.
- Delete the system registry key parameters
- Update your antivirus databases or buy antivirus software and perform a full scan of the computer.
We recommends that all Internet users
back up any important information on their computers,
enable maximum protection from network attacks and malicious code on their computers,
refrain from executing suspicious programs received from untrustworthy sources.
ExterminateIt effectively and automatically removes 180Solutions from you computer
and is a good solution for those who are seeking easy and effective protection for their computer
from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).
Download ExterminateIt! to instantly get rid of 180Solutions!
Check now if your PC is infected with 180Solutions
You can buy full version of ExterminateIt at RegNow.com.
Also Be Aware of the Following Threats:
Remove 180Search Assistant Spyware
Remove 123cha.com Trojan
Remove 123counts.com Tracking Cookie
Remove 123Search Adware
Remove 123bar BHO
Posts
