NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Foamer. Description and removal instructions

 
Title: Foamer
 Also known as: Moaphie
Type: Worms
Severity scale:Foamer severity is 52  (52 / 100)
 
Foamer, also known as Moaphie, is a worm that spreads through mapped network drives. Once executed, the parasite installs itself to the system and runs a payload. It disables the Task Manager and the Registry Editor, modifies some Windows settings and changes the Internet Explorer default home page. Foamer may also attempt to send e-mail messages and execute arbitrary files downloaded from the Internet. The worm runs on every Windows startup displaying fake error message.

FORUM:
Discuss Foamer in
spyware removal forum

Related files: explorer.exe, moaphie.exe, svchost.exe, winnt.exe

Foamer properties:
• Changes browser settings
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Foamer removal:

remover for Foamer

Foamer manual removal:

Kill processes:
explorer.exe, moaphie.exe, svchost.exe, winnt.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winnt
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\Start Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\Policies\Explorer=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\Policies\System=1
HKEY_LOCAL_MACHINE\SOFTWARE\MoaphieSig
HELP:
how to remove registry entries

Delete files:
explorer.exe, moaphie.exe, svchost.exe, winnt.exe
HELP:
how to remove harmful files

Misc:
[site address] is an address of a web site on the websamba.com domain.

Exact file location:
svchost.exe, winnt.exe - C:\Windows or C:\Winnt
moaphie.exe - the root of mapped network drives
explorer.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Other programs to remove Foamer:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 20/10/06
Information updated: 13/12/06

Additional resources related to Foamer:

Attention: If you know or you have a website or page about Foamer removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Foamer parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Guest. 2006-12-13 19:12:43
you wrote:"It disables the Task Manager and the Registry Editor" so how can we remove reg keys and kill processes??????????
Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.