NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove AntiLamer Light. Description and removal instructions

 
Title: AntiLamer Light
Type: Remote Administration Tools
Severity scale:AntiLamer Light severity is 60  (60 / 100)
 
This RAT program is just one of a big RAT virus family, created by OverG. Like it’s "brother" AntiLamer Backdoor, it is supposed to steal valuable info from users. But it is much easier to use and has much less functions. The main purpose of this software is stealing passwords. To do so, the program tries to capture passwords as they are transmitted. The origination date is May 2002. The programming language is Delphi. Several versions appeared since May 2002 to April 2003.

FORUM:
Discuss AntiLamer Light in
spyware removal forum

AntiLamer Light properties:
• Allows remote user connection
• Logs keystrokes
• Hides from the user
• Stays resident in background

Automatic AntiLamer Light removal:

remover for AntiLamer Light

AntiLamer Light manual removal:

Kill processes:
config.exe, editsrv.exe, [program files]\\websx\\int327777.exe, [program files]\\websx\\int339890.exe, runw.exe, server.exe, [system root]\\runwin32.exe, [system root]\\system\\runwin.exe, [system root]\\system\\runwindows32.exe, trojan1.exe, trojan2.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\software\antilamer backdoor\color1 HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\color1 HKEY_LOCAL_MACHINE\software\antilamer backdoor\color2 HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\color2 HKEY_LOCAL_MACHINE\software\antilamer backdoor\color3 HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\color3 HKEY_LOCAL_MACHINE\software\antilamer backdoor\downloadfolder HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\downloadfolder HKEY_LOCAL_MACHINE\software\antilamer backdoor\ip HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\ip HKEY_LOCAL_MACHINE\software\antilamer backdoor\lang HKEY_LOCAL_MACHINE\software\antilamer backdoor\loggerport HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\loggerport HKEY_LOCAL_MACHINE\software\antilamer backdoor\nick HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\nick HKEY_LOCAL_MACHINE\software\antilamer backdoor\port HKEY_LOCAL_MACHINE\software\anti-lamer backdoor\port HKEY_LOCAL_MACHINE\software\classes\acontixcontrol HKEY_LOCAL_MACHINE\software\classes\clsid\{7589eee6-e336-11d4-8a7e-ee1d971d9b47} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}\installer HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7589eee6-e336-11d4-8a7e-ee1d971d9b47}\systemcomponent HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\af HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\av HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\con HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\con1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\con2 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\myp HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\number HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\numberon HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\keyconfig\ps HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/acontix.ocx\.owner HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/acontix.ocx\{7589eee6-e336-11d4-8a7e-ee1d971d9b47} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\runwin32 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\runwindows HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5-1-14-24\displayicon HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5-1-14-24\displayname HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\5-1-14-24\uninstallstring
HELP:
how to remove registry entries

Unregister DLLs:
edit.dll
HELP:
how to unregister malicious DLLs

Delete files:
_iu14d2n.tmp-065eaffd.pf, 6.26.2004.10.53.33....0.reg, 6.26.2004.10.53.34....1.dat 6.26.2004.10.53.34....1.reg aconti.exe-105d3294.pf alb.exe-01f9e69e.pf alb.exe-0e801625.pf alb.exe-0fe358f0.pf alb.exe-328f3713.pf antilamer light.txt backdoor.antilam.13.a.exe-3ab6a254.pf backdoor.antilam.20.j.exe-25e4239f.pf collecteddata_127.xml collecteddata_196.xml collecteddata_200.xml collecteddata_202.xml collecteddata_210.xml collecteddata_218.xml config.exe config.exe-0b915f83.pf config.exe-28993197.pf [desktop]\\5-1-14-24.lnk drwtsn32.exe-2b4b52ac.pf edit.dll editsrv.exe editsrv.exe-020c4fa9.pf edtsrv.exe-34c94755.pf edtsrv.exe-3861317c.pf edtsrv.exe-39d44f73.pf edtsrv.exe-3af77064.pf english.reg int327777.exe-22f4e5c7.pf int327777.exe-317926e6.pf int327777.sdb joiner.exe-37b4e594.pf new_alb.exe-080f644e.pf [profile path]\\administrator\\start menu\\5-1-14-24.lnk [profile path]\\administrator\\start menu\\programs\\5-1-14-24.lnk [program files]\\websx\\int327777.exe [program files]\\websx\\int339890.exe [program files]\\websx\\websx.ini readme.htm readme.txt runw.exe runw.exe-0acf03f1.pf server.exe server.exe-04168f44.pf server.exe-19885956.pf server.exe-1e8ebe0c.pf server.exe-1ea17666.pf server.exe-1fb68265.pf server.exe-1ff20139.pf smt.exe-245bb5ee.pf [system root]\\runwin32.exe [system root]\\system\\runwin.exe [system root]\\system\\runwindows32.exe trojan.exe-0c7fe615.pf trojan.psw.allight.10.b trojan1.exe trojan1.exe-007581cd.pf trojan1.exe-0d8b60b3.pf trojan2.exe trojan2.exe-12ee91de.pf trojan2.exe-2c402d8d.pf unins000.exe-1da47506.pf websx.dlg
HELP:
how to remove harmful files

Delete directories:
[program files]\websx

Other programs to remove AntiLamer Light:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 05/03/05
Information updated: 11/03/05

Additional resources related to AntiLamer Light:

Attention: If you know or you have a website or page about AntiLamer Light removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about AntiLamer Light parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.